alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Sipvicious Svmap or Svlearnfp Scan Detected"; content:"OPTIONS sip|3A|"; depth:12; content:"From|3A 20 22|sipvicious"; distance:0; content:"To|3A 20 22|sipvicious"; distance:0; classtype:attempted-recon; reference:url,code.google.com/p/sipvicious/; reference:url,blog.sipvicious.org/; reference:url,doc.emergingthreats.net/2011717; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Sipvicious; sid:2011717; rev:2;)

Added 2010-06-29 00:22:52 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Sipvicious Svmap or Svlearnfp Scan Detected"; content:"OPTIONS sip|3A|"; depth:12; content:"From|3A 20 22|sipvicious"; distance:0; content:"To|3A 20 22|sipvicious"; distance:0; classtype:attempted-recon; reference:url,code.google.com/p/sipvicious/; reference:url,blog.sipvicious.org/; reference:url,doc.emergingthreats.net/2011717; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Sipvicious; sid:2011717; rev:2;)

Added 2010-06-29 00:22:52 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Sipvicious Svmap or Svlearnfp Scan Detected"; content:"OPTIONS sip|3A|"; depth:12; content:"From|3A 20 22|sipvicious"; distance:0; content:"To|3A 20 22|sipvicious"; distance:0; classtype:attempted-recon; reference:url,code.google.com/p/sipvicious/; reference:url,blog.sipvicious.org/; sid:2011717; rev:1;)

Added 2010-06-28 23:46:16 UTC


Topic revision: r1 - 2010-06-29 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats