""ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command""
SID: 2016794
Revision: 6
Class Type: attempted-user
Metadata: created_at 2013_04_27, former_category CURRENT_EVENTS, updated_at 2022_05_03
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "SECID="
-
Value: "SECID="
Within:
PCRE: "/\?[0-9a-f]{6}$/U"
Special Options:
- http_cookie