""ET EXPLOIT F5 BIG-IP rsync cmi authorized_keys access attempt""

SID: 2019088

Revision: 3

Class Type: attempted-admin

Metadata: created_at 2014_08_29, updated_at 2014_09_01

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: any

Destination Port: 873

Flow: to_server,established

Contents:

• Value: "cmi/var/ssh/root/authorized_keys"

Within:

PCRE:

Special Options:

source