- Use Case Reference : SUC024
- Use Case Title : ET WEB SQL Injection Attempt (Agent NV32ts)
- Use Case Detection : IDS / HTTP /SQL logs
- Attacker Class : Opportunists
- Attack Sophistication : Unsophisticated
- Source IP(s) : Random
- Source Countries : Random
- Source Port(s) : Random
- Destination Port(s) : 80/TCP, 443/TCP
Possible(s) correlation(s) :
- SQL injection tool or bot
Source(s) :
Emerging Threats SIG 2009029 triggers are :
- The HTTP header should contain “NV32ts” User-Agent string. Example : “User-Agent: NV32ts“
- The source port could be any FROM EXTERNAL_NET in destination of an HOME_NET HTTP_PORTS.
