# Purpose: alert on established client-to-server TCP traffic to a host in
# $DNS_SERVERS on destination port 1024 or higher ("1024:") whose payload
# matches the fixed-offset byte pattern below.
#
# Dependencies a deployer should check:
#   - flowbits:isset,BE.ms.dns.rpc -- the rule only evaluates to a match when
#     this flowbit is already set on the flow. The rule that sets it is not
#     shown on this page; if that rule is disabled or not loaded, this rule
#     can never fire.
#   - $DNS_SERVERS must be defined in the sensor configuration and should list
#     the DNS servers to be monitored; hosts outside it are not covered.
#
# Byte pattern (offsets follow from depth/distance/within):
#   - content:"|05|"; depth:1;                  -> byte at payload offset 0 is 0x05
#   - content:"|00|"; distance:3; within:1;     -> byte at payload offset 4 is 0x00
#   - content:"|00 01|"; distance:17; within:2; -> bytes at offsets 22-23 are 0x00 0x01
#   NOTE(review): this layout looks like a DCE/RPC version 5 request header
#   with the big-endian data-representation byte and opnum 1 -- confirm
#   against the referenced MSRpcDns write-up.
#
# Coverage caveats:
#   - The msg text states the signature is specific to one Metasploit module
#     and to big-endian encoding, so other encodings or implementations are
#     not expected to match; treat it as a narrow indicator, not full coverage.
#   - All three matches are anchored to the start of a payload, so the rule
#     presumably depends on the request header beginning at a segment
#     boundary -- verify against stream reassembly settings.
alert tcp any any -> $DNS_SERVERS 1024: (msg:"BLEEDING-EDGE CURRENT EVENTS DNS RPC Exploit big endian (specific to Metasploit Module)"; flow:to_server,established; flowbits:isset,BE.ms.dns.rpc; content:"|05|"; depth:1; content:"|00|"; distance:3; within:1; content:"|00 01|"; distance:17; within:2; reference:url,doc.bleedingthreats.net/bin/view/Main/MSRpcDns; sid:2003594; rev:2;)

Added 2007-05-03 16:30:19 UTC


# Earlier revision of sid:2003594, kept here as history (added 2007-04-17).
# It differs from the rev:2 entry on this page in two visible ways:
#   - the destination is "any" rather than $DNS_SERVERS, so it inspects
#     matching traffic to every host on ports 1024 and above;
#   - it carries no rev keyword.
# The match logic is otherwise the same: established client-to-server flow,
# flowbit BE.ms.dns.rpc already set (by a rule not shown on this page), then
# 0x05 at payload offset 0, 0x00 at offset 4 and 0x00 0x01 at offsets 22-23.
# Do not load this entry alongside the rev:2 entry: both use sid:2003594.
alert tcp any any -> any 1024: (msg:"BLEEDING-EDGE CURRENT EVENTS DNS RPC Exploit big endian (specific to Metasploit Module)"; flow:to_server,established; flowbits:isset,BE.ms.dns.rpc; content:"|05|"; depth:1; content:"|00|"; distance:3; within:1; content:"|00 01|"; distance:17; within:2; reference:url,doc.bleedingthreats.net/bin/view/Main/MSRpcDns; sid:2003594;)

Added 2007-04-17 19:30:22 UTC

MSRpcDns?

-- MattJonkman - 17 Apr 2007


Topic revision: r2 - 2007-04-17 - MattJonkman
 