Juniper BGP Missing MD5
Detects Juniper BGP sessions reporting a missing MD5 digest, which may indicate brute-force attempts to manipulate routing.
Sigma rule
title: Juniper BGP Missing MD5
id: a7c0ae48-8df8-42bf-91bd-2ea57e2f9d43
status: test
description: Detects juniper BGP missing MD5 digest. Which may be indicative of brute force attacks to manipulate routing.
references:
    - https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf
author: Tim Brown
date: 2023-01-09
modified: 2023-01-23
tags:
    - attack.initial-access
    - attack.persistence
    - attack.privilege-escalation
    - attack.defense-evasion
    - attack.credential-access
    - attack.collection
    - attack.t1078
    - attack.t1110
    - attack.t1557
logsource:
    product: juniper
    service: bgp
    definition: 'Requirements: juniper bgp logs need to be enabled and ingested'
detection:
    keywords_bgp_juniper:
        '|all':
            - ':179' # Protocol
            - 'missing MD5 digest'
    condition: keywords_bgp_juniper
fields:
    - host
falsepositives:
    - Unlikely. Except due to misconfigurations
level: low
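The detection above is a Sigma `keywords` search with the `|all` modifier: an event only matches when every listed keyword appears in it (case-insensitively, as Sigma string matching is by default). The following is an added example, not code from the Sigma project or from the rule's author, showing that logic applied to a handful of constructed Juniper-style syslog lines and grouped by host, the field the rule asks to surface. The log lines, the hostnames, the IP addresses and the assumption that the host is the fourth whitespace-separated syslog field are all constructed for illustration.

```python
"""Added example: Sigma 'keywords' + '|all' matching over constructed
Juniper-style syslog lines. Not part of the Sigma project or of the rule."""
from collections import Counter
from dataclasses import dataclass

# The two keywords from the rule; with '|all' both must appear in one event.
KEYWORDS_ALL = (":179", "missing MD5 digest")


@dataclass
class Match:
    host: str
    line: str


def matches_all_keywords(event: str, keywords=KEYWORDS_ALL) -> bool:
    """Sigma keyword matching is case-insensitive substring matching; the
    '|all' modifier requires every keyword to be present in the event."""
    lowered = event.lower()
    return all(k.lower() in lowered for k in keywords)


def extract_host(line: str) -> str:
    """Assumption (constructed): BSD-style syslog layout
    '<Mon> <day> <time> <host> <process>: <message>', so the hostname is
    the fourth whitespace-separated field."""
    parts = line.split(maxsplit=4)
    return parts[3] if len(parts) > 3 else "unknown"


def scan(lines):
    """Return one Match per line that satisfies the rule's detection."""
    return [Match(extract_host(ln), ln) for ln in lines if matches_all_keywords(ln)]


def count_by_host(matches):
    """Per-host hit counts; a burst on one device is the signal the rule's
    description (repeated attempts against a BGP session) points at."""
    return Counter(m.host for m in matches)


# Constructed sample lines (not real captured logs). Addresses are from
# the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_LOGS = [
    "Jan  9 10:01:02 edge-r1 rpd[1234]: bgp_read_v4_message: 192.0.2.10:179: missing MD5 digest",
    "Jan  9 10:01:03 edge-r1 rpd[1234]: bgp_read_v4_message: 192.0.2.11:179: keepalive received",
    "Jan  9 10:01:04 edge-r2 sshd[555]: Failed password for admin from 198.51.100.7 port 51022",
    # Lower-case variant still matches: Sigma keywords are case-insensitive.
    "Jan  9 10:01:05 edge-r2 rpd[1234]: tcp connection 198.51.100.3:179 missing md5 digest",
    # Has the MD5 keyword but no ':179' token, so '|all' rejects it.
    "Jan  9 10:01:06 edge-r2 rpd[1234]: peer 198.51.100.4 missing MD5 digest",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for m in hits:
        print(f"{m.host}: {m.line}")
    print(dict(count_by_host(hits)))
```

Running the block prints the two matching lines (one per host) and the per-host counts `{'edge-r1': 1, 'edge-r2': 1}`; the third and fifth sample lines are rejected because they lack one of the two required keywords. When wiring the rule into a real pipeline, confirm that the port token in your Juniper log source actually appears as `:179`, since the `|all` condition silently yields nothing if either literal is absent from the event text.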
Related rules
- Cisco BGP Authentication Failures
- Cisco LDP Authentication Failures
- Huawei BGP Authentication Failures
- Account Tampering - Suspicious Failed Logon Reasons
- Activity From Anonymous IP Address