← Library
sigmaDRL-1.1from SigmaHQ/sigma

Juniper BGP Missing MD5

Detects juniper BGP missing MD5 digest. Which may be indicative of brute force attacks to manipulate routing.

Quality
100
FP risk
Forks
0
Views
0
ATT&CK techniques
T1078T1110T1557
Rule sourcerules/network/juniper/bgp/juniper_bgp_missing_md5.yml
title: Juniper BGP Missing MD5
id: a7c0ae48-8df8-42bf-91bd-2ea57e2f9d43
status: test
description: Detects juniper BGP missing MD5 digest. Which may be indicative of brute force attacks to manipulate routing.
references:
    - https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf
author: Tim Brown
date: 2023-01-09
modified: 2023-01-23
tags:
    - attack.initial-access
    - attack.persistence
    - attack.privilege-escalation
    - attack.defense-evasion
    - attack.credential-access
    - attack.collection
    - attack.t1078
    - attack.t1110
    - attack.t1557
logsource:
    product: juniper
    service: bgp
    definition: 'Requirements: juniper bgp logs need to be enabled and ingested'
detection:
    keywords_bgp_juniper:
        '|all':
            - ':179' # Protocol
            - 'missing MD5 digest'
    condition: keywords_bgp_juniper
falsepositives:
    - Unlikely. Except due to misconfigurations
level: low