# sid 2006919 rev 4, stored commented out: the leading '#' keeps the engine from loading it,
# so this entry produces no alerts. Apart from the '#', the text matches the enabled rev 4
# entry dated 2007-09-17 further down this page.
# NOTE(review): the page gives no reason for disabling the rule. If it is re-enabled as-is,
# the pcre is not tied to the preceding content match and its character class treats '|' as a
# literal byte, so unrelated payload bytes can satisfy it (false-positive risk).
#alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established,from_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:4;)

Added 2007-10-10 06:31:36 UTC


# Second listing of the commented-out rev 4 entry (same rule text, same 2007-10-10 timestamp);
# the leading '#' means it is not loaded.
#alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established,from_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:4;)

Added 2007-10-10 06:31:36 UTC


# sid 2006919 rev 4 (enabled). Alerts on established TCP traffic from $EXTERNAL_NET port 53 to
# $HOME_NET, server-to-client direction (flow:from_server), when the payload contains:
#   c0 0c 00 01 00 01  - compressed owner name (pointer to offset 12), TYPE A, CLASS IN
#   <4 bytes skipped>  - distance:4 steps over the TTL field of the resource record
#   00 04 ac           - RDLENGTH 4 and a first address octet of 0xac (172); within:3 pins
#                        this 3-byte match to exactly that position
# The pcre is meant to confirm a second octet of 0x10-0x1f (16-31), i.e. 172.16.0.0/12.
# NOTE(review): the pcre carries no R flag and no anchor, so it is evaluated against the whole
# payload rather than the byte after the content match; any 0xac followed by 0x10-0x1f
# anywhere in the packet satisfies it. Answers such as 172.x outside 16-31 can still alert.
# NOTE(review): inside [...] the '|' is a literal character, so the class also accepts 0x7c;
# [\x10-\x1f] states the intended range.
# NOTE(review): tcp only, so DNS answers carried over UDP are not inspected by this rule, and
# only records whose owner name is the c0 0c pointer are matched.
alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established,from_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:4;)

Added 2007-09-17 12:47:00 UTC


# Second listing of enabled rev 4 (same rule text, same 2007-09-17 timestamp).
# flow:established,from_server agrees with the header: packets sourced from port 53 are the
# server side of the session.
# NOTE(review): the pcre is unanchored and its class contains literal '|' characters, so it
# does not reliably restrict the second address octet to 0x10-0x1f.
alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established,from_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:4;)

Added 2007-09-17 12:47:00 UTC


# sid 2006919 rev 3. Same content/pcre checks as rev 4, but with flow:established, to_server
# and without the metadata:service dns option that rev 2 carried.
# NOTE(review): the header selects packets sourced from port 53, while to_server selects
# client-to-server packets. Assuming the internal host opened the connection to the DNS
# server, those two conditions exclude each other and this revision would not fire on
# responses; rev 4 on this page switches to from_server.
alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established, to_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:3;)

Added 2007-08-11 12:25:12 UTC


# sid 2006919 rev 2. Compared with rev 1 on this page: the pcre quantifier is a plain '+'
# instead of '++', and the reference uses the reference:url,<address> form.
# Still carries metadata:service dns and flow:established, to_server.
# NOTE(review): to_server combined with a source port of 53 looks contradictory for DNS
# responses (assumes the internal host initiated the session) - confirm against rev 4, which
# uses from_server.
alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established, to_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; metadata:service dns; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:2;)

Added 2007-08-11 05:31:45 UTC


# sid 2006919 rev 1 (first recorded revision). Looks for an A/IN record header with a
# compressed owner name (c0 0c 00 01 00 01), skips 4 bytes, then requires 00 04 ac, and runs
# a pcre intended to confirm a second address octet of 0x10-0x1f.
# NOTE(review): 'reference: http://crypto.stanford.edu/dns/' is not in the system,id form
# (reference:url,...) that the later revisions on this page use.
# NOTE(review): '\xac++' is a possessive quantifier; later revisions use a plain '+'.
# NOTE(review): flow:established, to_server with a source port of 53 looks contradictory for
# DNS responses (assumes the internal host initiated the session); rev 4 uses from_server.
alert tcp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; flow:established, to_server; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac++[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; metadata:service dns; reference: http://crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006919; rev:1;)

Added 2007-08-10 01:20:19 UTC

