""ET EXPLOIT REDIS Attempted SSH Key Upload""

SID: 2023512

Revision: 1

Class Type: attempted-admin

Metadata: attack_target Client_Endpoint, created_at 2016_11_15, deployment Datacenter, signature_severity Major, tag SCAN_Redis_SSH, updated_at 2016_11_15

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 6379

Flow: established,to_server

Contents:

• Value: "*" Depth: 1

• Value: "|0D 0A|set|0D 0A|"

• Value: "ssh-rsa "

Within:

PCRE:

Special Options:

source