#alert tcp any any -> any 5060 (msg: "BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP)"; flow: to_server,established; content:"CSeq"; pcre:"/CSeq\: [^a-zA-Z]*[^\x0a]{16,}/s"; classtype: misc-activity; reference:url,www.securiteam.com/exploits/5AP0F1FFPG.html; sid: 2001915; rev:4; )

Added 2007-05-02 17:00:21 UTC

This is falsing a lot on normal SIP traffic, such as to Vonage from Asterisk.

The threat is old, and obsoleted, so commenting out for now. To be removed soon.

-- MattJonkman - 03 May 2007


alert tcp any any -> any 5060 (msg: "BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP)"; flow: to_server,established; content:"CSeq"; pcre:"/CSeq\: [^a-zA-Z]*[^\x0a]{16,}/s"; classtype: misc-activity; reference:url,www.securiteam.com/exploits/5AP0F1FFPG.html; sid: 2001915; rev:4; )
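One way well-formed SIP traffic can satisfy this rule's pcre, shown as an added example (not part of the original page or the Emerging Threats ruleset). The requests are constructed: hostnames, tags and CSeq numbers are made-up sample values, and Python's `re` stands in for PCRE, which is an assumption that holds for the constructs this pattern uses.

```python
import re

# The pcre option of sid 2001915, copied from the rule; the /s flag maps to re.DOTALL.
RULE_PCRE = re.compile(r"CSeq\: [^a-zA-Z]*[^\x0a]{16,}", re.DOTALL)

def rule_matches(payload: bytes) -> bool:
    """Apply the rule's two payload checks: content:"CSeq" and the pcre."""
    text = payload.decode("latin-1")  # 1:1 byte-to-char mapping, like PCRE on raw bytes
    return "CSeq" in text and RULE_PCRE.search(text) is not None

def cseq_value(payload: bytes):
    """Return the CSeq header value (without CRLF), or None if the header is absent."""
    for line in payload.split(b"\r\n"):
        if line.startswith(b"CSeq:"):
            return line[len(b"CSeq:"):].strip().decode("latin-1")
    return None

def build_request(method: str, seq: int) -> bytes:
    """Constructed, well-formed SIP request (all names and tags are sample values)."""
    return (
        f"{method} sip:bob@example.com SIP/2.0\r\n"
        "Via: SIP/2.0/TCP pbx.example.net:5060;branch=z9hG4bK776asdhds\r\n"
        "From: <sip:alice@example.net>;tag=1928301774\r\n"
        "To: <sip:bob@example.com>\r\n"
        "Call-ID: a84b4c76e66710@pbx.example.net\r\n"
        f"CSeq: {seq} {method}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("ascii")

# Constructed samples: small and large (but valid, below 2**31) sequence numbers.
SAMPLES = [("INVITE", 102), ("REGISTER", 1804289383),
           ("SUBSCRIBE", 2147483647), ("OPTIONS", 7)]

def survey():
    """Return (CSeq value, bytes between 'CSeq: ' and LF, rule verdict) per sample."""
    rows = []
    for method, seq in SAMPLES:
        pkt = build_request(method, seq)
        value = cseq_value(pkt)
        rows.append((value, len(value) + 1, rule_matches(pkt)))  # +1 for the CR
    return rows

if __name__ == "__main__":
    for value, length, hit in survey():
        print(f"{'ALERT' if hit else 'quiet':5}  {length:2} bytes  CSeq: {value}")
```

Because `[^a-zA-Z]*` may match nothing, the pattern fires whenever 16 or more bytes follow `CSeq: ` before the line feed, so a 10-digit sequence number with a method name of four or more letters is enough.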



Topic revision: r2 - 2007-05-03 - MattJonkman
 
Copyright © Emerging Threats