SnortSnarf signature page

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt

SnortSnarf v021111.1

Signature section (773)

Top 20 source IPs

Top 20 dest IPs

124 alerts with this signature using input module SnortFileInput, with sources:

/var/log/snort/alert

Earliest such alert at 19:28:22.552757 on 03/04/2020
Latest such alert at 08:25:45.341677 on 02/28/2021

SERVER-WEBAPP GPON Router authentication bypass and command injection attempt	123 sources	1 destinations
Priority: 1	Classification: Web Application Attack
[sid:46624] [CVE:2018-10562]

Sources triggering this attack signature

Source	# Alerts (sig)	# Alerts (total)	# Dsts (sig)	# Dsts (total)
91.234.62.31	2	2	1	1
115.59.222.190	1	1	1	1
178.72.71.219	1	1	1	1
180.127.114.174	1	1	1	1
103.19.249.150	1	1	1	1
223.149.253.148	1	1	1	1
222.140.109.79	1	1	1	1
182.57.210.165	1	1	1	1
123.12.180.202	1	1	1	1
153.34.44.157	1	1	1	1
182.219.86.118	1	1	1	1
59.96.24.198	1	1	1	1
59.99.140.32	1	1	1	1
115.51.122.146	1	1	1	1
42.239.11.23	1	1	1	1
31.146.129.174	1	1	1	1
112.27.123.173	1	1	1	1
223.155.81.11	1	1	1	1
45.71.218.69	1	1	1	1
103.117.152.60	1	1	1	1
49.115.64.149	1	1	1	1
61.2.151.222	1	1	1	1
222.142.238.178	1	1	1	1
122.199.125.248	1	1	1	1
182.119.250.150	1	1	1	1
115.48.209.130	1	1	1	1
91.234.62.242	1	1	1	1
119.187.106.180	1	1	1	1
120.85.119.238	1	1	1	1
222.139.84.217	1	1	1	1
197.50.215.155	1	1	1	1
114.228.116.165	1	1	1	1
202.83.42.191	1	1	1	1
27.7.198.19	1	1	1	1
115.49.17.254	1	1	1	1
120.193.91.199	1	1	1	1
177.161.82.195	1	1	1	1
27.216.90.166	1	1	1	1
186.33.122.41	1	1	1	1
39.74.9.246	1	1	1	1
111.39.71.219	1	1	1	1
185.174.195.133	1	1	1	1
202.83.45.19	1	1	1	1
115.99.221.202	1	1	1	1
177.223.58.162	1	1	1	1
123.146.0.240	1	1	1	1
203.212.251.173	1	1	1	1
202.164.138.200	1	1	1	1
111.92.80.45	1	1	1	1
42.224.244.58	1	1	1	1
218.57.69.98	1	1	1	1
222.247.235.227	1	1	1	1
117.90.42.46	1	1	1	1
123.130.52.156	1	1	1	1
222.247.249.26	1	1	1	1
222.244.166.144	1	1	1	1
58.249.78.174	1	1	1	1
66.38.90.20	1	1	1	1
182.123.241.94	1	1	1	1
94.43.139.142	1	1	1	1
175.11.215.159	1	1	1	1
116.114.95.201	1	1	1	1
115.49.146.96	1	1	1	1
111.40.111.202	1	1	1	1
203.212.237.85	1	1	1	1
182.112.76.183	1	1	1	1
183.130.59.186	1	1	1	1
120.85.118.230	1	1	1	1
91.234.62.165	1	1	1	1
42.235.70.182	1	1	1	1
112.255.86.30	1	1	1	1
222.247.6.174	1	1	1	1
202.164.139.196	1	1	1	1
203.198.131.47	1	1	1	1
218.21.171.194	1	1	1	1
60.214.52.153	1	1	1	1
123.8.251.216	1	1	1	1
112.94.97.74	1	1	1	1
178.175.118.18	1	1	1	1
103.66.209.234	1	1	1	1
111.43.223.19	1	1	1	1
112.251.21.153	1	1	1	1
36.113.196.139	1	1	1	1
115.52.244.181	1	1	1	1
27.194.12.172	1	1	1	1
95.32.216.13	1	1	1	1
91.234.62.17	1	1	1	1
117.208.132.166	1	1	1	1
27.197.95.135	1	1	1	1
112.94.99.60	1	1	1	1
222.244.252.34	1	1	1	1
112.30.110.62	1	1	1	1
222.247.180.104	1	1	1	1
103.41.56.61	1	1	1	1
162.212.115.158	1	1	1	1
124.135.39.249	1	1	1	1
115.97.67.12	1	1	1	1
79.101.58.72	1	1	1	1
27.206.185.26	1	1	1	1
115.56.133.69	1	1	1	1
175.5.79.151	1	1	1	1
116.75.70.206	1	1	1	1
82.202.75.5	1	1	1	1
182.113.203.95	1	1	1	1
123.5.191.229	1	1	1	1
61.163.128.65	1	1	1	1
222.247.2.196	1	1	1	1
125.41.13.243	1	1	1	1
222.244.167.128	1	1	1	1
114.234.159.218	1	1	1	1
112.94.100.219	1	1	1	1
123.10.229.36	1	1	1	1
125.99.237.229	1	1	1	1
27.194.150.239	1	1	1	1
125.47.250.77	1	1	1	1
42.224.154.133	1	1	1	1
222.137.154.141	1	1	1	1
49.81.99.137	1	1	1	1
118.250.154.36	1	1	1	1
119.123.174.178	1	1	1	1
177.93.67.226	1	1	1	1
103.41.26.157	1	1	1	1
223.155.153.82	1	1	1	1

Destinations receiving this attack signature

Destinations	# Alerts (sig)	# Alerts (total)	# Srcs (sig)	# Srcs (total)
192.168.0.38	124	769	123	431

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Sun Feb 28 19:01:01 2021