Juniper BGP Missing MD5

Detects Juniper BGP log messages reporting a missing MD5 digest on a TCP/179 segment, which may indicate brute-force attempts to manipulate routing.

Sigma rule

title: Juniper BGP Missing MD5
id: a7c0ae48-8df8-42bf-91bd-2ea57e2f9d43
status: test
description: Detects juniper BGP missing MD5 digest. Which may be indicative of brute force attacks to manipulate routing.
references:
    - https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf
author: Tim Brown
date: 2023/01/09
modified: 2023/01/23
tags:
    - attack.initial_access
    - attack.persistence
    - attack.privilege_escalation
    - attack.defense_evasion
    - attack.credential_access
    - attack.collection
    - attack.t1078
    - attack.t1110
    - attack.t1557
logsource:
    product: juniper
    service: bgp
    definition: 'Requirements: juniper bgp logs need to be enabled and ingested'
detection:
    keywords_bgp_juniper:
        '|all':
            - ':179' # Protocol
            - 'missing MD5 digest'
    condition: keywords_bgp_juniper
fields:
    - host
falsepositives:
    - Unlikely. Except due to misconfigurations
level: low
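The detection above is a plain Sigma keyword rule: both substrings must appear in the same log line. The following Python is an added example, not part of the rule or of the Sigma project, that applies those '|all' semantics to constructed Junos-style syslog lines (the wording of the lines is assumed, modelled on the two keywords), counts hits per source address so that a single misconfigured peer can be told apart from many unauthenticated sources, and shows one edge case of substring matching: ':179' also matches a port such as ':1790', which a tighter regex avoids.

```python
import re
from collections import Counter

# Constructed sample Juniper syslog lines written for this example; they are
# not taken from the rule page. The layout follows the usual Junos syslog shape.
SAMPLE_LOGS = [
    # Two segments from the same peer towards TCP/179 without the MD5 option.
    "Jan  9 10:12:01 r1 /kernel: tcp_auth_ok: Packet from 192.0.2.10:52341 to 198.51.100.1:179 missing MD5 digest",
    "Jan  9 10:12:02 r1 /kernel: tcp_auth_ok: Packet from 192.0.2.10:52342 to 198.51.100.1:179 missing MD5 digest",
    # BGP port present but an unrelated message: must not match.
    "Jan  9 10:12:05 r1 rpd[1234]: bgp_read_message: peer 192.0.2.20:179 received NOTIFICATION",
    # MD5 wording but on TCP/22, so the BGP rule must not match.
    "Jan  9 10:12:07 r1 /kernel: tcp_auth_ok: Packet from 192.0.2.11:40000 to 198.51.100.1:22 missing MD5 digest",
    # Port 1790: matches the Sigma substring ':179' although it is not BGP.
    "Jan  9 10:12:09 r1 /kernel: tcp_auth_ok: Packet from 192.0.2.12:51000 to 198.51.100.1:1790 missing MD5 digest",
]

# The two keywords exactly as the rule lists them under '|all'.
KEYWORDS_ALL = (":179", "missing MD5 digest")


def sigma_keyword_match(line):
    """Sigma '|all' keyword semantics: every keyword is a case-sensitive substring."""
    return all(k in line for k in KEYWORDS_ALL)


# Tighter variant (assumed, not from the rule): the port token must be exactly
# 179, so ':1790' no longer matches.
PORT_179 = re.compile(r":179(?!\d)")


def strict_match(line):
    """Require the 'missing MD5 digest' text and a port token that is exactly 179."""
    return "missing MD5 digest" in line and PORT_179.search(line) is not None


# Source address of the offending segment, as logged by the constructed lines.
SRC_RE = re.compile(r"Packet from (\d{1,3}(?:\.\d{1,3}){3}):\d+")


def hits_by_source(lines, matcher=sigma_keyword_match):
    """Count matching lines per source address.

    A steady trickle from one known peer points at a misconfiguration (the
    false positive the rule names); many distinct sources is the pattern the
    rule is meant to surface.
    """
    counts = Counter()
    for line in lines:
        if matcher(line):
            m = SRC_RE.search(line)
            counts[m.group(1) if m else "unknown"] += 1
    return counts


if __name__ == "__main__":
    print("sigma keyword hits:", dict(hits_by_source(SAMPLE_LOGS)))
    print("strict port hits:  ", dict(hits_by_source(SAMPLE_LOGS, strict_match)))
```

Run against the samples, the Sigma semantics report hits from two sources (192.0.2.10 twice and the port-1790 line from 192.0.2.12), while the strict matcher keeps only the two genuine TCP/179 lines. Whether the extra precision is worth it depends on the platform: the rule as published deliberately stays a keyword rule so it converts to any Sigma backend.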
