EmergingThreats> Main Web>2003237 (2012-08-15, MattJonkman) EditAttach

#alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2018-09-13 19:38:38 UTC

Added 2018-09-13 17:53:10 UTC

#alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:56:33 UTC

#alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8;)

Added 2015-01-06 18:11:08 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8;)

Added 2011-10-12 19:13:05 UTC

Have false positives, 2 German SIP providers blocked (Toplink and Sipgate)

1:2003237 ET VOIP MultiTech? SIP UDP Overflow, proto:UDP, ip/port:213.218.22.30:5060 (sbc30.toplink-voice.de) -> 192.168.94.13:5060

-- RomanJokl - 14 Aug 2012

Do you happen to have any packet data? Any more than just those 2?

-- MattJonkman - 15 Aug 2012

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; classtype:attempted-user; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; sid:2003237; rev:8;)

Added 2011-09-14 22:26:02 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; classtype:attempted-user; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Multitech; sid:2003237; rev:8;)

Added 2011-02-04 17:22:20 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Multitech; sid:2003237; rev:8;)

Added 2010-01-12 10:00:45 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Multitech; sid:2003237; rev:8;)

Added 2010-01-12 10:00:45 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/bin/view/Main/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SIP; sid:2003237; rev:6;)

Added 2009-02-07 22:00:26 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/bin/view/Main/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SIP; sid:2003237; rev:6;)

Added 2009-02-07 22:00:26 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:5;)

Added 2008-05-18 19:52:13 UTC

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:5;)

Added 2008-05-18 19:52:13 UTC

alert udp any any -> $HOME_NET 5060 (msg:"ET EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:4;)

Added 2008-01-25 10:56:38 UTC

alert udp any any -> $HOME_NET 5060 (msg:"ET EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:4;)

Added 2008-01-25 10:56:38 UTC

alert udp any any -> $HOME_NET 5060 (msg: "BLEEDING-EDGE EXPLOIT MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:3; )

Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2012-08-15 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats