Client-side attacks
Description
The tests consisted in downloading 257 malicious documents (download) commonly used in client-side attacks from the test server with wget, while Suricata and Snort inspected the traffic.
Synthesis
                           | Suricata | Snort
Number of files sent       | 257      | 257
Number of detected files   | 127      | 157
Number of triggered alerts | 210      | 374
Detection rate             | 49.41%   | 61.09%
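The per-rule tables below are aggregated from the `[**] [gid:sid:rev] message [**]` headers that both Snort and Suricata write in fast alert format. As an added example, not part of the original test page, the following Python script parses such alert lines (the sample lines are constructed, not real capture output), counts alerts per signature the way the tables do, and recomputes a detection rate from the detected/sent file counts.

```python
import re
from collections import Counter

# Matches the fast-format alert header Snort and Suricata both emit:
#   [**] [gid:sid:rev] message [**]
# The header may stand alone (as in the tables on this page) or be embedded
# in a full alert line with timestamp, classification, priority and addresses.
ALERT_RE = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]")

# Constructed sample alert lines (not real capture output): a mix of bare
# headers and full fast-format lines, plus one line that is not an alert.
SAMPLE_ALERTS = """\
[**] [1:648:10] SHELLCODE x86 NOOP [**]
01/01-10:00:01.000000  [**] [1:17668:1] POLICY attempted download of a PDF with embedded JavaScript [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.0.2.10:80 -> 192.0.2.20:49152
01/01-10:00:02.000000  [**] [1:648:10] SHELLCODE x86 NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 192.0.2.10:80 -> 192.0.2.20:49153
[**] [3:16343:5] WEB-CLIENT obfuscated header in PDF [**]
this line is not an alert and must be ignored
"""


def parse_alert(line):
    """Return (gid, sid, rev, msg) for a fast-format alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    gid, sid, rev, msg = m.groups()
    return int(gid), int(sid), int(rev), msg


def count_by_signature(text):
    """Count alerts per (gid, sid, rev, msg), mirroring the per-rule tables."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_alert(line)
        if parsed:
            counts[parsed] += 1
    return counts


def total_alerts(counts):
    """Sum of all per-signature counts (the TOTAL row of the tables)."""
    return sum(counts.values())


def detection_rate(detected, sent):
    """Percentage of submitted files that raised at least one alert,
    rounded to two decimals."""
    if sent == 0:
        raise ValueError("no files sent")
    return round(100.0 * detected / sent, 2)


def render_table(counts):
    """Plain-text 'signature | count' table sorted by gid then sid,
    followed by a TOTAL row."""
    rows = sorted(counts.items(), key=lambda kv: (kv[0][0], kv[0][1]))
    lines = [f"[{g}:{s}:{r}] {m} | {n}" for (g, s, r, m), n in rows]
    lines.append(f"TOTAL | {total_alerts(counts)}")
    return "\n".join(lines)


if __name__ == "__main__":
    c = count_by_signature(SAMPLE_ALERTS)
    print(render_table(c))
    print("detection rate:", detection_rate(127, 257), "%")
```

Feed the script a real `alert` file (Snort `-A fast` or Suricata `fast.log`) in place of `SAMPLE_ALERTS` to rebuild the per-rule counts; the same signature id firing under both engines, as with 1:648:10 here, is what makes the two tables directly comparable.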
Triggered alerts
Suricata
Signature | Alerts
[**] [1:10504:2] SHELLCODE unescape encoded shellcode [**] | 3
[**] [1:12799:3] SHELLCODE base64 x86 NOOP [**] | 2
[**] [1:12802:3] SHELLCODE base64 x86 NOOP [**] | 2
[**] [1:1394:12] SHELLCODE x86 inc ecx NOOP [**] | 26
[**] [1:15306:6] WEB-CLIENT Portable Executable binary file transfer [**] | 4
[**] [1:15357:4] WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt [**] | 3
[**] [1:16676:1] SPECIFIC-THREATS Adobe Reader malformed FlateDecode colors declaration [**] | 6
[**] [1:16677:1] WEB-CLIENT Adobe Reader malformed FlateDecode colors declaration [**] | 1
[**] [1:17233:1] SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt [**] | 1
[**] [1:17668:1] POLICY attempted download of a PDF with embedded JavaScript [**] | 122
[**] [1:17808:1] SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption attempt [**] | 2
[**] [1:2012064:1] ET WEB_CLIENT Foxit PDF Reader Title Stack Overflow [**] | 4
[**] [1:648:10] SHELLCODE x86 NOOP [**] | 34
TOTAL | 210
Snort
Signature | Alerts
[**] [1:10504:2] SHELLCODE unescape encoded shellcode [**] | 3
[**] [1:12799:3] SHELLCODE base64 x86 NOOP [**] | 9
[**] [1:12802:3] SHELLCODE base64 x86 NOOP [**] | 9
[**] [1:13478:1] SPECIFIC-THREATS Adobe PDF collab.collectEmailInfo exploit attempt [**] | 1
[**] [1:1394:12] SHELLCODE x86 inc ecx NOOP [**] | 69
[**] [1:15306:6] WEB-CLIENT Portable Executable binary file transfer [**] | 4
[**] [1:15357:4] WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt [**] | 3
[**] [1:15697:1] WEB-CLIENT Generic javascript obfuscation attempt [**] | 2
[**] [1:15698:2] WEB-CLIENT Possible generic javascript heap spray attempt [**] | 1
[**] [1:16642:1] POLICY File URI scheme [**] | 38
[**] [1:16664:1] SPECIFIC-THREATS Adobe Reader and Acrobat authplay.dll vulnerability exploit attempt [**] | 2
[**] [1:16676:1] SPECIFIC-THREATS Adobe Reader malformed FlateDecode colors declaration [**] | 6
[**] [1:16677:1] WEB-CLIENT Adobe Reader malformed FlateDecode colors declaration [**] | 1
[**] [1:17233:1] SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt [**] | 1
[**] [1:17668:1] POLICY attempted download of a PDF with embedded JavaScript [**] | 132
[**] [1:17808:1] SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption attempt [**] | 2
[**] [1:18167:1] WEB-CLIENT Possible generic javascript heap spray attempt [**] | 1
[**] [1:18168:1] WEB-CLIENT Possible generic javascript heap spray attempt [**] | 2
[**] [1:3820:7] WEB-CLIENT multipacket CHM file transfer attempt [**] | 1
[**] [1:3821:8] WEB-CLIENT CHM file transfer attempt [**] | 1
[**] [1:648:10] SHELLCODE x86 NOOP [**] | 62
[**] [1:7200:2] WEB-CLIENT microsoft word document summary information null string overflow attempt [**] | 1
[**] [1:8445:2] WEB-CLIENT RTF file with embedded object package download attempt [**] | 3
[**] [3:15503:1] WEB-CLIENT Download of PowerPoint 95 file [**] | 2
[**] [3:16343:5] WEB-CLIENT obfuscated header in PDF [**] | 15
[**] [3:17775:2] SHELLCODE Shikata Ga Nai x86 polymorphic shellcode decoder detected [**] | 1
[**] [3:18543:2] SPECIFIC-THREATS embedded Shockwave dropper download [**] | 2
TOTAL | 374