alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4;)

Added 2017-01-25 17:30:20 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:3;)

Added 2011-10-12 19:24:28 UTC

Hello. Can you please consider rule modification.

Broadcast IP address 255.255.255.255 can be excluded from destination because it is not External Net . Writing TFTP is critical functionality for Avaya IP Office.

http://ipo.wikidot.com/tftps

PCAP in attachment

Thank you!

-- MaksymParpaley - 2017-01-16

Hi. Please exclude 255.255.255.255 as destination in External Net var.

-- MaksymParpaley - 2017-01-25

Will add today. Thanks!

-- DarienH - 2017-01-25


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; sid:2008116; rev:3;)

Added 2011-09-14 22:37:57 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)

Added 2011-02-04 17:27:13 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)

Added 2009-09-15 12:00:41 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)

Added 2009-09-15 12:00:41 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:2;)

Added 2009-02-11 19:15:24 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:2;)

Added 2009-02-11 19:15:24 UTC


alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; sid:2008116; rev:1;)

Added 2008-04-09 09:23:49 UTC


Topic revision: r4 - 2017-01-25 - DarienH
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats