
Juniper BGP Missing MD5

Detects Juniper BGP log messages that report a missing MD5 digest, which may be indicative of brute force attacks to manipulate routing.

Tim Brown | Created Mon Jan 09 | Updated Mon Jan 23 | a7c0ae48-8df8-42bf-91bd-2ea57e2f9d43 | network
Log Source
Product: Juniper (raw: juniper)
Service: bgp (raw: bgp)

Definition

Requirements: Juniper BGP logs need to be enabled and ingested.

Detection Logic
detection:
    keywords_bgp_juniper:
        '|all':
            - ':179' # Protocol
            - 'missing MD5 digest'
    condition: keywords_bgp_juniper
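
The selector above, evaluated over sample log lines. This is an added example, not part of the rule or the Sigma project's code. It assumes case-insensitive substring matching (Sigma's default for keywords), and the log lines, host name and the helper names rule_matches, port_is_exactly_179 and triage are constructed for illustration. It also shows that ':179' is matched as a substring, so a longer port such as ':1790' satisfies the rule.

```python
import re

# Keywords copied from the rule's keywords_bgp_juniper selector.
KEYWORDS = [":179", "missing MD5 digest"]

# Constructed log lines (documentation IP ranges, hypothetical host name);
# they are not captured Junos output.
SAMPLE_LOGS = [
    "Jan  9 10:01:02 edge1 kernel: Packet from 192.0.2.10:179 missing MD5 digest",
    "Jan  9 10:01:05 edge1 kernel: Packet from 192.0.2.10:52114 missing MD5 digest",
    "Jan  9 10:01:09 edge1 rpd: session with 198.51.100.7:179 established",
    "Jan  9 10:01:12 edge1 kernel: Packet from 203.0.113.4:1790 missing md5 digest",
]


def rule_matches(line, keywords=KEYWORDS):
    """'|all' semantics: every keyword must occur in the line.
    Assumes case-insensitive substring matching (Sigma's default)."""
    lowered = line.lower()
    return all(k.lower() in lowered for k in keywords)


def port_is_exactly_179(line):
    """Stricter check: ':179' must not be followed by another digit."""
    return re.search(r":179(?!\d)", line) is not None


def triage(lines):
    """Return (hits, over_matches) as lists of line indexes.
    over_matches are rule hits where ':179' is only a prefix of a longer port."""
    hits = [i for i, line in enumerate(lines) if rule_matches(line)]
    over = [i for i in hits if not port_is_exactly_179(lines[i])]
    return hits, over


if __name__ == "__main__":
    hits, over = triage(SAMPLE_LOGS)
    for i in hits:
        note = " (port is not exactly 179)" if i in over else ""
        print(f"ALERT line {i}{note}: {SAMPLE_LOGS[i]}")
```
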
False Positives

Unlikely, except due to misconfigurations.

Rule Metadata
Rule ID: a7c0ae48-8df8-42bf-91bd-2ea57e2f9d43
Status: test
Level: low
Type: Detection
Created: Mon Jan 09
Modified: Mon Jan 23
Author: Tim Brown
Path: rules/network/juniper/bgp/juniper_bgp_missing_md5.yml
Raw Tags: attack.initial-access, attack.persistence, attack.privilege-escalation, attack.defense-evasion, attack.credential-access, attack.collection, attack.t1078, attack.t1110, attack.t1557