Techniques
Sample rules
Cisco LDP Authentication Failures
- source: sigma
- techniques:
- t1078
- t1110
- t1557
Description
Detects LDP TCP MD5 authentication failures on Cisco devices, which may indicate brute force attempts against LDP session authentication by an attacker seeking to manipulate MPLS label bindings.
Detection logic
condition: selection_protocol and selection_keywords
selection_keywords:
  - SOCKET_TCP_PACKET_MD5_AUTHEN_FAIL
  - TCPMD5AuthenFail
selection_protocol:
  - LDP
Cisco BGP Authentication Failures
- source: sigma
- techniques:
- t1078
- t1110
- t1557
Description
Detects BGP TCP MD5 authentication failures on Cisco devices (IP-TCP-3-BADAUTH messages involving TCP port 179), which may indicate brute force attempts against BGP session authentication by an attacker seeking to manipulate routing.
Detection logic
condition: keywords_bgp_cisco
keywords_bgp_cisco:
  '|all':
    - :179
    - IP-TCP-3-BADAUTH
Juniper BGP Missing MD5
- source: sigma
- techniques:
- t1078
- t1110
- t1557
Description
Detects Juniper BGP sessions logging a missing MD5 digest on TCP port 179, which may indicate brute force attempts against BGP session authentication by an attacker seeking to manipulate routing.
Detection logic
condition: keywords_bgp_juniper
keywords_bgp_juniper:
  '|all':
    - :179
    - missing MD5 digest
Huawei BGP Authentication Failures
- source: sigma
- techniques:
- t1078
- t1110
- t1557
Description
Detects BGP authentication failures on Huawei devices (BGP_AUTH_FAILED messages involving TCP port 179), which may indicate brute force attempts against BGP session authentication by an attacker seeking to manipulate routing.
Detection logic
condition: keywords_bgp_huawei
keywords_bgp_huawei:
  '|all':
    - :179
    - BGP_AUTH_FAILED
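The four rules above are keyword searches: the LDP rule requires the protocol keyword and one of the MD5 failure keywords, and the three BGP rules use the '|all' modifier so that both the port (:179) and the vendor message must appear in the same line. The following is an added example, not code from the Sigma project or any vendor, that evaluates all four rules over constructed syslog lines (the lines are written to carry the rules' keywords and are not captured device output) and then counts hits per source address, since a single authentication failure is usually a key mismatch after rotation while a burst from one peer is what the brute-force hypothesis predicts. Case-insensitive substring matching is assumed for keywords; the exact semantics depend on the Sigma backend.

```python
# Added example: evaluates the four Sigma rules above over constructed syslog
# lines. Not code from the Sigma project; the sample lines are constructed to
# carry the rules' keywords and do not reproduce real device output.
import re
from collections import Counter


def _contains(line, keyword):
    # Assumption: keyword search is a case-insensitive substring test
    # (the real behaviour depends on the Sigma backend in use).
    return keyword.lower() in line.lower()


# Each rule is a list of selections that must all hold (the "and" in the
# condition). A selection is ("any", [...]) for a plain keyword list or
# ("all", [...]) for a list under the '|all' modifier.
RULES = {
    "Cisco LDP Authentication Failures": [
        ("any", ["LDP"]),                                                    # selection_protocol
        ("any", ["SOCKET_TCP_PACKET_MD5_AUTHEN_FAIL", "TCPMD5AuthenFail"]),  # selection_keywords
    ],
    "Cisco BGP Authentication Failures": [
        ("all", [":179", "IP-TCP-3-BADAUTH"]),
    ],
    "Juniper BGP Missing MD5": [
        ("all", [":179", "missing MD5 digest"]),
    ],
    "Huawei BGP Authentication Failures": [
        ("all", [":179", "BGP_AUTH_FAILED"]),
    ],
}


def selection_matches(line, mode, keywords):
    hits = [_contains(line, k) for k in keywords]
    return all(hits) if mode == "all" else any(hits)


def matching_rules(line):
    """Names of the rules whose every selection matches the line."""
    return [name for name, selections in RULES.items()
            if all(selection_matches(line, mode, kws) for mode, kws in selections)]


IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def failures_per_source(lines):
    """Count matching lines per first IPv4 address in the line (assumed to be
    the peer). One hit is typically a key mismatch; many hits from one source
    in a short window is the pattern worth paging on."""
    counts = Counter()
    for line in lines:
        if matching_rules(line):
            m = IPV4.search(line)
            counts[m.group(1) if m else "unknown"] += 1
    return counts


# Constructed sample lines (not captured from real devices).
SAMPLE_LOGS = [
    "Mar  1 10:00:01 edge1 %IP-TCP-3-BADAUTH: Invalid MD5 digest from 192.0.2.10:179 to 198.51.100.1:49152",
    "Mar  1 10:00:02 mx1 rpd[1234]: bgp_read_v4_message: peer 192.0.2.20:179: missing MD5 digest",
    "Mar  1 10:00:03 ne1 %%01BGP/4/BGP_AUTH_FAILED(l): peer 192.0.2.30:179 authentication failed",
    "Mar  1 10:00:04 edge1 %TCP-6-SOCKET_TCP_PACKET_MD5_AUTHEN_FAIL: LDP packet from 192.0.2.40:646 rejected",
    "Mar  1 10:00:05 edge1 %BGP-5-ADJCHANGE: neighbor 192.0.2.50 Up",           # benign, no rule fires
    "Mar  1 10:00:06 mx1 rpd[1234]: peer 192.0.2.60:646 missing MD5 digest",    # no :179, so the Juniper rule must not fire
    "Mar  1 10:00:07 edge1 %IP-TCP-3-BADAUTH: Invalid MD5 digest from 192.0.2.10:179 to 198.51.100.1:49153",
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(matching_rules(line) or "-", "|", line)
    print(failures_per_source(SAMPLE_LOGS))
```

The sixth sample line shows why '|all' matters: it carries "missing MD5 digest" but on port 646 rather than 179, so the Juniper BGP rule stays silent, and because the line does not contain "LDP" the Cisco LDP rule stays silent as well. In production, feed the per-source counts into a threshold or correlation rule; the Sigma rules as written fire on every failure, including the first one after a legitimate key change.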