Thanks very much, I've added the rule. Appreciate the assistance!

On Sat, Oct 4, 2014 at 9:30 AM, Michael Starks wrote:
> On 10/04/2014 05:30 AM, Jan Andrasko wrote:
> > Rob,
> >
> > The issue with your rule was that this string is not part of the URL. It is
> > usually in place of user agent, which is

Michael, I'm not sure of anything, which is why I posted :)
I'm going to try Jan's suggestion using Regex.

On Friday, October 3, 2014 10:31:32 AM UTC-4, Michael Starks wrote:
>
> On 2014-10-02 8:08, Robert Moerman wrote:
> > Hello,
> >
> > I'

Hello,

I've been trying to write a rule to detect CGI-based Shellshock attacks via
the Apache log parser, but I find the signature doesn't fire (even when I
see the string in the Apache logs):

*Detect "() { :; };" in url string*
31100
() { :; };
Shellshock Attempt
attack
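
Added example, not part of the original thread: a Python sketch of Jan's point that the string usually arrives in the User-Agent field rather than the URL, so a URL-only match stays silent. The log lines are constructed samples in Apache combined format; the function names and the whitespace-tolerant pattern are assumptions of this example.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED
)
# The "() { :; };" prefix from the thread, tolerant of whitespace variants
# (the tolerance is an assumption of this example).
SHELLSHOCK = re.compile(r'\(\)\s*\{\s*:\s*;\s*\}\s*;')

def url_of(request):
    """Extract the URL from a request line such as 'GET /path HTTP/1.1'."""
    parts = request.split(" ")
    return parts[1] if len(parts) >= 2 else ""

def classify(line):
    """Return the names of the fields that carry the signature.

    Unparseable lines fall back to a whole-line match reported as 'raw',
    so a malformed entry cannot hide the string from detection.
    """
    m = COMBINED.match(line)
    if m is None:
        return ["raw"] if SHELLSHOCK.search(line) else []
    request, referer, agent = m.groups()
    fields = {"url": url_of(request), "referer": referer, "agent": agent}
    return [name for name, value in fields.items() if SHELLSHOCK.search(value)]

# Constructed sample lines (documentation addresses, harmless echo command).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Oct/2014:10:31:32 -0400] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "-" "() { :; }; echo constructed-sample"',
    '192.0.2.11 - - [03/Oct/2014:10:32:01 -0400] "GET /index.html HTTP/1.1" '
    '200 1043 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [03/Oct/2014:10:33:17 -0400] "GET /cgi-bin/status HTTP/1.1" '
    '404 209 "() { :;}; echo constructed-sample" "-"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits = classify(entry)
        # A URL-only rule fires only when "url" is among the hits.
        print(hits, "url-only rule fires:", "url" in hits)
```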