alert tcp any any -> $DNS_SERVERS 1024: (msg:"BLEEDING-EDGE CURRENT EVENTS DNS RPC Exploit big endian (specific to Metasploit Module)"; flow:to_server,established; flowbits:isset,BE.ms.dns.rpc; content:"|05|"; depth:1; content:"|00|"; distance:3; within:1; content:"|00 01|"; distance:17; within:2; reference:url,doc.bleedingthreats.net/bin/view/Main/MSRpcDns; sid:2003594; rev:2;)
Added 2007-05-03 16:30:19 UTC
alert tcp any any -> any 1024: (msg:"BLEEDING-EDGE CURRENT EVENTS DNS RPC Exploit big endian (specific to Metasploit Module)"; flow:to_server,established; flowbits:isset,BE.ms.dns.rpc; content:"|05|"; depth:1; content:"|00|"; distance:3; within:1; content:"|00 01|"; distance:17; within:2; reference:url,doc.bleedingthreats.net/bin/view/Main/MSRpcDns; sid:2003594;)
Added 2007-04-17 19:30:22 UTC
MSRpcDns?
--
MattJonkman - 17 Apr 2007