""ET SCAN Redis SSH Key Overwrite Probing""
SID: 2023510
Revision: 2
Class Type: misc-attack
Metadata: attack_target Client_Endpoint, created_at 2016_07_07, deployment Datacenter, performance_impact Low, signature_severity Minor, tag SCAN_Redis_SSH, updated_at 2016_11_15
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: 6379
Flow: to_server,established
Contents:
-
Value: "*" Depth: 1
-
Value: "config"
-
Value: "set"
-
Value: "dir"
-
Value: "/.ssh"
Within:
PCRE:
Special Options: