Skip to content

Commit

Permalink
Drop snort detected packet
Browse files Browse the repository at this point in the history
  • Loading branch information
@cweibel
cweibel committed Mar 15, 2024
1 parent 0870722 commit 8202004
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions bosh/manifest.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@ instance_groups:
- 'drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Apache Log4j logging remote code execution attempt"; flow:to_server,established; content:"${"; fast_pattern:only; http_header; content:"|2F|"; http_uri; pcre:"/\x24\x7b(jndi|[^\x7d\x80-\xff]*?\x24\x7b[^\x7d\x80-\xff]*?\x3a[^\x7d]*?\x7d)/Hi"; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop, ruleset community, service http; reference:cve,2021-44228; reference:cve,2021-44832; reference:cve,2021-45046; reference:cve,2021-45105; reference:cve,2022-20933; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-meraki-mx-vpn-dos-vnESbgBf; classtype:attempted-user; sid:58742; rev:8;)'
- 'suppress gen_id 1, sig_id 26275'
- 'drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt"; flow:to_server,established; content:"/cgi-bin/"; depth:10; nocase; http_uri; content:"${IFS}"; fast_pattern:only; http_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, ruleset community, service http; reference:bugtraq,35742; reference:bugtraq,94819; reference:cve,2009-2765; reference:cve,2016-6277; classtype:attempted-admin; sid:2627500; rev:5;)'
- 'suppress gen_id 1, sig_id 44687'
- 'drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Netgear DGN1000 series routers authentication bypass attempt"; flow:to_server,established; content:"/setup.cgi"; nocase; http_uri; content:"currentsetting.htm"; fast_pattern:only; http_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, ruleset community, service http; reference:bugtraq,60281; reference:url,www.exploit-db.com/exploits/25978/; classtype:attempted-admin; sid:44687000; rev:3;)'

- name: secureproxy
release: secureproxy
Expand Down

0 comments on commit 8202004

Please sign in to comment.