All Attacks. Filter Name Filter No. Severity. Hit Count : IP: Source IP Address Spoofed (Reserved for Testing) 0055 Minor 6,942,665

Size: px

Start display at page:

Download "All Attacks. Filter Name Filter No. Severity. Hit Count : IP: Source IP Address Spoofed (Reserved for Testing) 0055 Minor 6,942,665"

Esther Dennis
6 years ago
Views:

1 Attacks Start Time: End Time: Action Type: Severity: Other: Jul 1, :42:20 PM EDT Jul 1, :42:20 PM EDT search criteria are in summary page Description: No : IP: Source IP Address Spoofed (Reserved for Testing) 0055 Minor 6,942, : IP: Source IP Address Spoofed (Multicast) 0054 Minor 5,092, : DNS: Version Request (UDP) 0560 Minor 3,697, : HTTP: Apache Default Configuration Information Minor 3,228,053 Disclosure : HTTP: Google Chrome XSSAuditor Filter Security Major 1,987,137 Policy Bypass : CLDAP: Microsoft Windows Server CLDAP Critical 1,156,866 Reflection DDoS : HTTP: Suspicious Javascript Obfuscation Low 584, : TLS: OpenSSL Denial-of-Service Major 459, : HTTP: PHP libzip Integer Overflow Denial-of-Service Major 306, : IP: Invalid IP Traffic (Destination IP Address set to 0558 Critical 303,592 Loopback) : HTTP: Sun Java WebDAV Web Server Overlong Request Remote Code Execution Critical 202, : IP: Non-IGMP Packet with IP options Low 200, : DNS: ISC BIND UDP DNS Number of Answers Critical 162,858 Buffer Overflow : IP: Source IP Address Spoofed (Loopback) 0052 Major 157, : DNS: Suspicious DNS Lookup NOERROR Response Major 151,212 (DGA - Expiro) : HTTP: ZmEu Scanner Minor 94, : HTTP: Adobe Flash ATF Filesize Buffer Overflow Critical 88, : DoS: Engine Protection 7173 Low 75, : DNS: Large UDP Packet DDoS (ONLY enable when under DoS attack) Minor 74, : DNS: Suspicious DNS Lookup NOERROR Response Major 72,689 (DGA - Simda.C) : DNS: PowerDNS Recursor and Tftpd32 DNS Denialof-Service Major 67, : HTTP: Squid Proxy Cache Denial of Service Major 62, : IPv6: Source IP Address Spoofed (Loopback) 8364 Major 61, : HTTP: Apache Request Smuggling 4560 Major 44,787 Attacks Page 1 of 5

2 : HTTP: Android/Spy.Kasandra.B Checkin Major 43, : HTTP: Apache HTTP Server X-Forwarded-For Major 43,129 Denial-of-Service : HTTP: Malformed Windows Executable Download 6109 Minor 40, : HTTP: Cross Site Scripting (Alert function) 3909 Major 39, : UDP: Netcore/Netis Router Backdoor Communication Critical 32,392 Attempt : HTTP: Apache Struts Multipart Encoding Command Critical 26,758 Injection : HTTP: Retired ActiveX Control Instantiation 8640 Major 16, : HTTP: GNU Bash HTTP Header Remote Code Critical 14,530 Execution : Stacheldraht: Agent Finder Gag Scanner (General) 0121 Minor 13, : HTTP: Microsoft Internet Explorer Buffer Overflow Critical 11, : HTTP: Ultra Mini HTTPD URL Buffer Overflow Critical 11, : Invalid TCP Traffic: Possible Recon Scan (SYN FIN) 0290 Minor 10, : MS-SQL: Slammer-Sapphire Worm 1456 Critical 10, : HTTP: PNG File Format Anomaly 3547 Critical 10, : HTTP: Apple itunes Buffer Overflow 3237 Critical 9, : HTTP: Suspicious HTTP Request 8479 Critical 9, : HTTP: Winamp IN_MIDI.dll Buffer Overflow 4528 Critical 8, : HTTP: Apple QuickTime RIFF Parsing Integer Critical 7,775 Overflow (ZDI ) : ICMP: Active Directory LDAP Winsock Denial-of Major 7,313 Service : HTTP: Suspicious Chunked Transfer 4091 Minor 6, : TCP: Win32/TrojanDownloader.Blocrypt Checkin Major 6, : HTTP: SpringSource Spring Framework XML Critical 5,877 External Entity : HTTP: Full-Width / Half-Width Unicode URI Evasion 5380 Minor 5, : SSH: Putty SSH CnC outbound Possible Major 5,770 Win32.Penepe Checkin : HTTPS: Novell Open Enterprise Server HTTPSTK Major 5,058 Denial-of-Service : HTTP: Suspicious HTTP Request 9310 Major 4, : HTTP: Suspicious Double-Unescaped Javascript Code 3629 Major 4, : HTTP: WIN32/KOVTER.B Checkin Major 3, : HTTP: PHP-CGI Query String Parameter Command Critical 3,877 Injection : IP: Duplicate Fragment, e.g., Fragroute 7104 Low 3, : TCP: Gh0st Remote Access Trojan Encrypted Session To CnC Server : HTTP: Suspicious Javascript (eval String.fromCharCode) Major 3, Major 3,677 Attacks Page 2 of 5

3 : HTTP: Suspicious User-Agent (Mozilla) Major 3, : UDP: OpenSSL DTLS Denial-of-Service Major 3, : HTTP: Malwarebytes Update Code Execution Critical 2, : TLS: Suspicious SSL Certificate (DGA) Low 2, : HTTP: Apache HTTP Server mod_cache Denial-of Major 2,734 Service : HTTP: Obfuscated HTML Usage in Exploit Kits Minor 2,694 (Angler) : HTTP: Suspicious JavaScript Obfuscation Major 2, : HTTP: Cross-Site Scripting (Cookie Manipulation) 3959 Minor 2, : Invalid TCP Traffic: Possible Recon Scan (No Flags 0292 Minor 2,460 Set) : DNS: DNS Reply Sinkhole - Microsoft Major 2, / : HTTP: SQL Injection (SLEEP) Minor 2, : HTTP: Apple itunes PLS Playlist Overlong File 9723 Critical 2,092 Location : HTTP: Win32/Joiner.A User-Agent (Clickteam) Major 2, : HTTP: nginx Oversized Chunked Transfer Denial-of Major 2,004 Service : HTTP: Hidden HTML IFrame (Obfuscated) 6162 Major 1, : HTTP: Backdoor.AndroidOS.Obad.a Checkin Major 1, : TCP: Header Length Invalid, e.g., Fragroute 7121 Low 1, : HTTP: Win32/Parite phpmyadmin Scanning Major 1, : HTTP: Apache Struts 2 OGNL Wildcard Matching Code Injection Critical 1, : RDP: Windows Remote Desktop Brute Force Attempt Minor 1,517 by NCrack : SSL: OpenSSL Cipher Function Buffer Overflow Major 1, : TLS: AnubisNetworks Sinkhole SSL Cert lolcat / Major 1, : DNS: Suspicious DNS Lookup NOERROR Response Major 1,450 (DGA - Bankpatch) : HTTP: Apache Struts 2 ClassLoader Security Bypass Critical 1, : HTTP: Microsoft Internet Explorer Cross-Site Critical 1,317 Scripting Filter Bypass : HTTP: Microsoft Internet Explorer 9 CImgTaskSvgDoc Use-After-Free (ZDI ) Critical 1, : TLS: OpenSSL Heartbleed Critical 1, : HTTP: Apache Struts 2 OGNL Command Injection Critical 1, : HTTP: SHTTPD Remote Buffer Overflow 8236 Critical 1, : HTTP: ChinaChopper Checkin Major 1, : HTTP: Multiple Products WEB-INF/META-INF Critical 1,116 Security Policy Bypass (ZDI ,362) : HTTP: Oracle Outside In JPEG 2000 QCD Critical 1,111 Attacks Page 3 of 5

4 Segment Buffer Overflow : HTTP: Shell Command Execution (id command) 0346 Major 1, : HTTP: Microsoft Internet Explorer Suspicious JPEG Critical 1,076 File Download : HTTP: PUA.OSX/InstallCore User-Agent (ICMAC) Low 1, : HTTP: Suspicious Javascript Method Call 5767 Major 1, : HTTP: Microsoft Edge Array Buffer Overflow Critical 932 (ZDI ) : HTTP: webspirs Exploit 0988 Major : HTTP: AWStats Multiple Vulnerabilities 3273 Critical : HTTP: DataLife Engine Code Injection Critical : UDP: Length Invalid 7152 Low : SMTP: Microsoft Outlook ical Meeting Request 4960 Major 808 VEVENT Record Memory Corruption : HTTP: Malicious Quicktime File Download 8302 Critical : HTTP: PHP Exif Extension Buffer Overflow Critical 733 Attacks Page 4 of 5

5 Detail Search Criteria General Criteria Start Time: Jul 1, :42:20 PM EDT Row Limit: 100 End Time: Jul 1, :42:20 PM EDT Run Time: Jul 14, :42:39 PM EDT Filter Criteria Action Type: Reputation Type: Severity: Filter No(s): Filter Name: Filter Category: Profile(s): Network Criteria Src Addr(s): Src Port(s): Dst Addr(s): Dst Port(s): Src Country(s): Dst Country(s): VLAN: Use Client IP for Source Address when Available: true Device / Segment Criteria Dev Grp(s) / Stack(s): Device(s): Segment Group(s): Segment(s): Firewall Profile(s): Firewall Rule(s): User Criteria Src User(s): Dst User(s): Src Machine(s): Dst Domain(s): Src Domain(s): Dst Domain(s): Filter Taxonomy Criteria Protocol: Platform: Classification: Attacks Page 5 of 5

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand