SUC024 : ET WEB SQL Injection Attempt (Agent NV32ts)

  • Use Case Reference : SUC024
  • Use Case Title : ET WEB SQL Injection Attempt (Agent NV32ts)
  • Use Case Detection : IDS / HTTP /SQL logs
  • Attacker Class : Opportunists
  • Attack Sophistication : Unsophisticated
  • Source IP(s) : Random
  • Source Countries : Random
  • Source Port(s) : Random
  • Destination Port(s) : 80/TCP, 443/TCP

Possible(s) correlation(s) :

  • SQL injection tool or bot

Source(s) :

Emerging Threats SIG 2009029 triggers are :

  • The HTTP header should contain “NV32ts” User-Agent string. Example : “User-Agent: NV32ts
  • The source port could be any FROM EXTERNAL_NET in destination of an HOME_NET HTTP_PORTS.
SIG 2009029 1 Week events activity
SIG 2009029 1 Week events activity
SIG 2009029 1 month events activity
SIG 2009029 1 month events activity
1 Month TOP 10 source IPs for SIG 2009029
1 Month TOP 10 source IPs for SIG 2009029