#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; classtype:misc-activity; sid:2001873; rev:9;)

Added 2011-10-12 19:10:59 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; classtype: misc-activity; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; sid:2001873; rev:9;)

Added 2011-09-14 21:06:38 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; classtype: misc-activity; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid:2001873; rev:9;)

Added 2011-02-04 17:21:38 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid:2001873; rev:9;)

Added 2010-06-23 13:46:09 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid:2001873; rev:9;)

Added 2010-06-23 13:46:09 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid: 2001873; rev:9;)

Added 2010-01-12 08:45:49 UTC


#alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid: 2001873; rev:9;)

Added 2010-01-12 08:45:49 UTC


alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid: 2001873; rev:9;)

Added 2009-02-07 22:00:25 UTC


alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; reference:url,doc.emergingthreats.net/bin/view/Main/2001873; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS05-021; sid: 2001873; rev:9;)

Added 2009-02-07 22:00:25 UTC


alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; sid: 2001873; rev:8;)

Added 2008-05-18 19:52:13 UTC


alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; sid: 2001873; rev:8;)

Added 2008-05-18 19:52:13 UTC


alert tcp any any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; sid: 2001873; rev:7;)

Added 2008-04-25 11:14:48 UTC


alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB PPStream PowerPlayer.DLL ActiveX? Control BoF? Vulnerability"; flow:to_client,established; content:"CLSID"; nocase; content:"5EC7C511-CD0F-42E6-830C-1BD9882F3458"; nocase; content:"0x40000"; content:"Logo"; nocase; classtype:web-application-attack; reference:bugtraq,25502; sid:2001873; rev:1;)

Added 2008-04-25 11:08:17 UTC


alert tcp any any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; sid: 2001873; rev:7;)

Added 2008-01-25 10:56:38 UTC


alert tcp any any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; sid: 2001873; rev:7;)

Added 2008-01-25 10:56:38 UTC


alert tcp any any -> $SMTP_SERVERS 25 (msg: "BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow: to_server, established; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold: type limit, track by_src, count 1, seconds 60; flowbits:set,msxlsa; reference:cve,CAN-2005-0560; reference:url,isc.sans.org/diary.php?date=2005-04-12; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx; classtype: misc-activity; sid: 2001873; rev:6; )



Topic revision: r2 - 2007-02-27 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats