'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:335005)

Rule General Information
Release Date: 2021-12-20
Rule Name: Scanner Paros Detection
Severity:
CVE ID:
Rule Protection Details
Description: Paros is an open source proxy tool for Web application security testing and evaluation. It provides a complete set of features to dynamically intercept, inspect, and modify HTTP and HTTPS traffic to uncover common security vulnerabilities in Web applications. This rule is used to check the traffic characteristics of tool Paros.
Impact: Attackers use scanners to scan targets, may find vulnerabilities in the target system, resulting in system information leakage, and then attack the system to obtain system permissions.
Affected OS: Windows, Linux, Others
Reference:
Solutions
1. If scanning behavior from an unknown IP address is determined, block the IP address immediately. 2. ensure that the file system permissions of Web servers and applications are set properly, and restrict access to sensitive files and directories. 3. ensure that systems and applications are updated to the latest version and fix known vulnerabilities to reduce the impact on the system.