""ET EXPLOIT F5 BIG-IP rsync cmi authorized_keys successful exfiltration""

SID: 2019089

Revision: 3

Class Type: attempted-admin

Metadata: created_at 2014_08_29, signature_severity Critical, updated_at 2023_05_30

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: 873

Destination Network: any

Destination Port: any

Flow: from_server,established

Contents:

• Value: "ssh-rsa"

Within:

PCRE:

Special Options:

source