[Silicon Defense logo]

SnortSnarf signature page

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

SnortSnarf v021111.1

Signature section (694)Top 20 source IPsTop 20 dest IPs

82 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 13:53:42.094018 on 11/30/2019
Latest such alert at 18:45:40.766665 on 11/24/2020

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt 81 sources 1 destinations
Priority: 1Classification: Web Application Attack
[sid:46624] [CVE:2018-10562]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
91.234.62.312211
115.59.222.1901111
180.127.114.1741111
223.149.253.1481111
222.140.109.791111
182.57.210.1651111
123.12.180.2021111
182.219.86.1181111
115.51.122.1461111
42.239.11.231111
31.146.129.1741111
112.27.123.1731111
223.155.81.111111
222.142.238.1781111
61.2.151.2221111
49.115.64.1491111
91.234.62.2421111
222.139.84.2171111
197.50.215.1551111
202.83.42.1911111
27.7.198.191111
27.216.90.1661111
185.174.195.1331111
111.39.71.2191111
39.74.9.2461111
115.99.221.2021111
202.83.45.191111
177.223.58.1621111
123.146.0.2401111
203.212.251.1731111
218.57.69.981111
123.130.52.1561111
117.90.42.461111
222.247.249.261111
66.38.90.201111
182.123.241.941111
94.43.139.1421111
175.11.215.1591111
116.114.95.2011111
115.49.146.961111
111.40.111.2021111
203.212.237.851111
182.112.76.1831111
183.130.59.1861111
91.234.62.1651111
112.255.86.301111
202.164.139.1961111
203.198.131.471111
218.21.171.1941111
123.8.251.2161111
60.214.52.1531111
111.43.223.191111
36.113.196.1391111
115.52.244.1811111
27.194.12.1721111
117.208.132.1661111
91.234.62.171111
95.32.216.131111
222.244.252.341111
103.41.56.611111
222.247.180.1041111
162.212.115.1581111
124.135.39.2491111
79.101.58.721111
115.97.67.121111
27.206.185.261111
115.56.133.691111
116.75.70.2061111
182.113.203.951111
123.5.191.2291111
61.163.128.651111
222.247.2.1961111
125.41.13.2431111
222.244.167.1281111
114.234.159.2181111
123.10.229.361111
125.99.237.2291111
49.81.99.1371111
118.250.154.361111
177.93.67.2261111
223.155.153.821111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.388269081380

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Nov 24 21:01:02 2020