[Silicon Defense logo]

SnortSnarf signature page

SERVER-WEBAPP DrayTek multiple products command injection attempt

SnortSnarf v021111.1

Signature section (694)Top 20 source IPsTop 20 dest IPs

48 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 15:16:35.971735 on 05/14/2020
Latest such alert at 17:39:36.782931 on 11/24/2020

SERVER-WEBAPP DrayTek multiple products command injection attempt 32 sources 1 destinations
Priority: 1Classification: Web Application Attack
[sid:53589] [CVE:2020-8515]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
94.200.76.2225511
200.119.45.664411
190.0.39.1663311
72.4.34.1173311
68.132.136.1982211
115.85.32.2102211
1.203.161.582211
154.70.134.712211
136.169.219.632211
190.85.145.1621111
171.103.165.2061111
186.0.181.1341111
5.32.86.981111
187.177.22.1011111
190.249.168.251111
121.32.151.1781111
200.57.117.1561111
200.123.154.961111
68.107.172.1031111
184.162.45.521111
160.2.176.1761111
187.177.153.1901111
169.0.98.651111
86.110.21.1031111
72.138.37.21111
24.244.165.1391111
199.77.206.331111
99.24.236.2351111
181.129.133.1641111
2.42.46.2141111
50.246.217.1971111
116.58.29.381111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.384869032380

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Nov 24 21:01:02 2020