iSID Analyst Knowledge Base

Definitions of iSID alerts, additional context on what triggers them, and recommendations for handling them

ET SCAN MYSQL MySQL Remote FAST Account Password Cracking

This alert is triggered when a high volume of connection attempts (100 within one second) resembling brute-force password cracking is sent to a MySQL server on TCP port 3306. A rate this high indicates an attacker trying to guess MySQL account passwords rapidly. Identify the source address and check whether it should be able to reach the database at all; a misconfigured application that reconnects in a tight loop can also trip the threshold, so confirm the attempts are failed logins before treating it as an attack.
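To make the threshold concrete, the following added example (not iSID code and not the Emerging Threats rule itself) applies the same "100 connections in one second, tracked per source" logic to a constructed list of connection events. The event format (timestamp, source IP, destination port), the function names and the sample traffic are assumptions for illustration.

```python
from collections import defaultdict, deque

MYSQL_PORT = 3306


def detect_fast_mysql_cracking(events, count=100, seconds=1.0, port=MYSQL_PORT):
    """Sliding-window rate check, one window per source address.

    events: iterable of (timestamp_seconds, src_ip, dst_port), in time order.
    Returns {src_ip: timestamp} for every source that opened `count` or more
    connections to `port` inside any `seconds`-long window; the timestamp is
    the moment the threshold was first crossed (one alert per source).
    """
    windows = defaultdict(deque)
    alerts = {}
    for ts, src, dport in events:
        if dport != port or src in alerts:
            continue
        window = windows[src]
        window.append(ts)
        # Drop timestamps older than the window so only the last `seconds` count.
        while window and ts - window[0] > seconds:
            window.popleft()
        if len(window) >= count:
            alerts[src] = ts
    return alerts


def sample_events():
    """Constructed traffic, not a real capture (assumption for illustration)."""
    events = []
    # Attacker: 120 connection attempts to MySQL within 0.6 seconds.
    events += [(100.0 + i * 0.005, "203.0.113.7", 3306) for i in range(120)]
    # Application server: 30 reconnects spread over 15 seconds, never 100 in one.
    events += [(100.0 + i * 0.5, "10.0.0.12", 3306) for i in range(30)]
    # Unrelated SSH noise on another port; ignored by the port filter.
    events += [(100.0 + i * 0.001, "198.51.100.9", 22) for i in range(500)]
    return sorted(events)


if __name__ == "__main__":
    for src, ts in detect_fast_mysql_cracking(sample_events()).items():
        print(f"ET SCAN MySQL Remote FAST Account Password Cracking: {src} at t={ts:.3f}")
```

The attacker crosses the threshold on its 100th attempt, about half a second into the burst, while the application's steady reconnects never accumulate 100 entries in a one-second window.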

NF – TLD domain – .ru DNS query

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .ru, the country-code TLD of Russia. Legitimate traffic to .ru domains exists, so the TLD alone is not evidence of compromise; review the full domain name and the host that issued the query before escalating.

NF – TLD domain – .cc DNS query

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .cc, the country-code TLD of the Cocos (Keeling) Islands, an Australian territory in the Indian Ocean. Because .cc is open to registrants anywhere and is short and memorable, it is widely used as an alternative to .com or .net, by legitimate sites as well as by malicious ones. Review the full domain name and the host that issued the query.

NF – Bad TLD domain – zip DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .zip. Since .zip became available as a generic TLD in 2023, it has been associated with suspicious or malicious activity: a name such as report.zip can be read as an archive file, and file names mentioned in mail or chat may be turned into links or resolved as domains. Check the queried domain and which host or process issued the query.

NF – Bad TLD domain – xyz DNS query – Check domains

This alert is triggered when a DNS query from the internal network attempts to resolve a domain ending in .xyz. This TLD is cheap to register and is frequently abused for spam, phishing and malware hosting, although many legitimate sites use it too. Check the queried domain and which host issued the query.
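The four TLD alerts above share one detection logic: take the last label of the queried name, and raise the matching rule only when the query originated inside the internal network. The following added example (not iSID code) runs that logic over a few constructed DNS log lines. The log format (timestamp, client IP, query type, queried name), the RFC 1918 definition of "internal", and the sample names are assumptions for illustration; the rule names are the ones listed on this page.

```python
import ipaddress

# Assumption: "internal network" means the RFC 1918 private ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Last label of the queried name -> alert name from this knowledge base.
TLD_RULES = {
    "ru": "NF – TLD domain – .ru DNS query",
    "cc": "NF – TLD domain – .cc DNS query",
    "zip": "NF – Bad TLD domain – zip DNS query – Check domains",
    "xyz": "NF – Bad TLD domain – xyz DNS query – Check domains",
}


def tld_of(qname):
    """Return the top-level label of a DNS name, ignoring a trailing dot and case.
    A single-label name (e.g. 'localhost') has no TLD and yields ''."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] if len(labels) > 1 else ""


def classify_dns_query(src_ip, qname):
    """Return the alert name for this query, or None if nothing matches."""
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in INTERNAL_NETS):
        return None  # only queries from the internal network are in scope
    return TLD_RULES.get(tld_of(qname))


def scan_dns_log(lines):
    """Parse 'timestamp client qtype qname' lines; return (ts, client, qname, rule) hits."""
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line, skip rather than crash
        ts, client, _qtype, qname = parts[:4]
        rule = classify_dns_query(client, qname)
        if rule:
            alerts.append((ts, client, qname.rstrip(".").lower(), rule))
    return alerts


# Constructed log lines for illustration, not a real capture.
SAMPLE_DNS_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 A mail.example.ru.",
    "2024-05-01T10:00:02Z 192.168.1.20 A cdn.example.com",
    "2024-05-01T10:00:03Z 10.0.0.7 A update.example.CC",
    "2024-05-01T10:00:04Z 10.0.0.9 A invoice-2024.zip",       # looks like a file name
    "2024-05-01T10:00:05Z 172.16.4.4 AAAA tracker.example.xyz",
    "2024-05-01T10:00:06Z 203.0.113.10 A something.ru",       # external client, out of scope
    "2024-05-01T10:00:07Z 10.0.0.5 A localhost",
]

if __name__ == "__main__":
    for ts, client, qname, rule in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{ts} {client} {qname}: {rule}")
```

The .zip hit, invoice-2024.zip, shows why the page says to check the domain: the queried name reads like an attachment name, which is exactly the confusion the .zip TLD creates.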