Searching for Heartbleed

Top triggered IPS signatures in live environment (servers only)


  • NTP Monlist (United States (80%))
  • DNS ANY (United States (60%), China (10%), Japan (6%), Republic Of Korea (3%))
  • HeartBleed (over 90% from Puerto Rico: 64.247.172.x )
  • NULL Encoding detected within a HTTP request
  • Suspicious File Upload
  • Wordpress Local File Inclusion
  • SQL Injection: Union based
  • Web directory traversal
  • GNU Bash Remote File Execution
  • Joomla ofc_upload_image_php file upload

(Security scanners not listed)


Extra Note
Most DNS ANY attacks came from: 54.239.130.x. The rest were single shots.
Monlist from: 45.63.13.x, 173.242.125.x, 153.31.160.x, 107.191.40.x, 204.42.253.x


Scanners
  • Morfeus
  • Masscan
  • Shodan
  • Sqlmap
  • Muieblackcat