# Commented out in this revision: the leading "#" means the rule does not alert unless re-enabled.
# Match logic: UDP to $HOME_NET port 5060 whose payload starts with "INVITE"
# (nocase, depth:6), has data 65 bytes past that match (isdataat:65,relative), and has
# no LF (|0a|) in the 61 bytes after it (within:61), i.e. an over-long first line.
# The rule cites CVE-2005-4050 for this condition.
# NOTE(review): nothing in the match is specific to one device, so any SIP peer sending a
# long INVITE request line will hit it; test against known-good SIP trunk traffic before enabling.
# NOTE(review): the msg string is wrapped across two lines here and carries a "?" that looks
# like wiki rendering; rejoin and verify the text against the distributed ruleset before loading.
#alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2018-09-13 19:38:38 UTC
Added 2018-09-13 17:53:10 UTC
#alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8; metadata:created_at 2010_07_30, updated_at 2010_07_30;)
Added 2017-08-07 20:56:33 UTC
#alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8;)
Added 2015-01-06 18:11:08 UTC
# Newest entry on this page in which the rule is still enabled (no leading "#"); the
# entries listed above it are commented out. The false-positive report that follows
# cites this sid (1:2003237).
# The match keys only on the length of the first INVITE line (no LF within 61 bytes after
# "INVITE", with data present 65 bytes past it), not on anything device-specific.
# NOTE(review): presumably legitimate carriers with long request URIs trip this, which would
# explain the reported false positives; confirm with packet captures.
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; classtype:attempted-user; sid:2003237; rev:8;)
Added 2011-10-12 19:13:05 UTC
This rule produces false positives: two German SIP providers (Toplink and Sipgate) were blocked.
1:2003237 ET VOIP
MultiTech? SIP UDP Overflow, proto:UDP, ip/port:213.218.22.30:5060 (sbc30.toplink-voice.de) -> 192.168.94.13:5060
--
RomanJokl - 14 Aug 2012
Do you happen to have any packet data? Any more than just those 2?
--
MattJonkman - 15 Aug 2012
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; classtype:attempted-user; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; sid:2003237; rev:8;)
Added 2011-09-14 22:26:02 UTC
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; classtype:attempted-user; reference:cve,2005-4050; reference:url,doc.emergingthreats.net/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Multitech; sid:2003237; rev:8;)
Added 2011-02-04 17:22:20 UTC
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Multitech; sid:2003237; rev:8;)
Added 2010-01-12 10:00:45 UTC
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET VOIP
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VOIP/VOIP_Multitech; sid:2003237; rev:8;)
Added 2010-01-12 10:00:45 UTC
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/bin/view/Main/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SIP; sid:2003237; rev:6;)
Added 2009-02-07 22:00:26 UTC
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; reference:url,doc.emergingthreats.net/bin/view/Main/2003237; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_SIP; sid:2003237; rev:6;)
Added 2009-02-07 22:00:26 UTC
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:5;)
Added 2008-05-18 19:52:13 UTC
# rev:5 changes the source from "any" (rev:4 and earlier on this page) to $EXTERNAL_NET.
# Coverage consequence: an over-long INVITE from a source that is not in $EXTERNAL_NET
# (for example an internal host, depending on how the variables are defined) no longer
# matches, so lateral traffic is outside this rule's scope from this revision on.
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:5;)
Added 2008-05-18 19:52:13 UTC
alert udp any any -> $HOME_NET 5060 (msg:"ET EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:4;)
Added 2008-01-25 10:56:38 UTC
alert udp any any -> $HOME_NET 5060 (msg:"ET EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:4;)
Added 2008-01-25 10:56:38 UTC
alert udp any any -> $HOME_NET 5060 (msg: "BLEEDING-EDGE EXPLOIT
MultiTech? SIP UDP Overflow"; content:"INVITE"; nocase; depth:6; isdataat:65,relative; content:!"|0a|"; within:61; reference:cve,2005-4050; classtype:attempted-user; sid:2003237; rev:3; )