[Silicon Defense logo]

SnortSnarf signature page

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

SnortSnarf v021111.1

Signature section (614)Top 20 source IPsTop 20 dest IPs

49 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 14:59:52.288820 on 09/24/2019
Latest such alert at 20:43:13.449779 on 09/19/2020

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt 49 sources 1 destinations
Priority: 1Classification: Web Application Attack
[sid:46624] [CVE:2018-10562]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
218.21.171.1941111
180.127.114.1741111
223.149.253.1481111
111.43.223.191111
182.57.210.1651111
182.219.86.1181111
36.113.196.1391111
115.52.244.1811111
31.146.129.1741111
91.234.62.171111
222.244.252.341111
223.155.81.111111
222.247.180.1041111
222.142.238.1781111
61.2.151.2221111
49.115.64.1491111
162.212.115.1581111
79.101.58.721111
91.234.62.2421111
115.97.67.121111
197.50.215.1551111
27.7.198.191111
116.75.70.2061111
182.113.203.951111
61.163.128.651111
222.247.2.1961111
115.99.221.2021111
202.83.45.191111
177.223.58.1621111
222.244.167.1281111
203.212.251.1731111
114.234.159.2181111
125.99.237.2291111
117.90.42.461111
222.247.249.261111
66.38.90.201111
182.123.241.941111
94.43.139.1421111
49.81.99.1371111
175.11.215.1591111
116.114.95.2011111
118.250.154.361111
115.49.146.961111
111.40.111.2021111
203.212.237.851111
91.234.62.1651111
91.234.62.311111
177.93.67.2261111
223.155.153.821111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.384961049343

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Mon Sep 21 12:01:01 2020