alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3; metadata:created_at 2016_02_12, former_category EXPLOIT, updated_at 2017_05_02;)

Added 2021-09-21 20:00:32 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3; metadata:created_at 2016_02_11, former_category EXPLOIT, updated_at 2017_05_02;)

Added 2020-08-05 19:12:02 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; metadata: former_category EXPLOIT; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3; metadata:created_at 2016_02_11, updated_at 2017_05_02;)

Added 2018-09-13 19:52:17 UTC


Added 2018-09-13 18:00:44 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; metadata: former_category EXPLOIT; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3; metadata:created_at 2016_02_11, updated_at 2017_05_02;)

Added 2017-08-07 21:17:25 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3;)

Added 2017-05-05 16:58:54 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; metadata: former_category EXPLOIT; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3;)

Added 2017-05-03 17:35:23 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3;)

Added 2017-05-02 19:38:43 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,9,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:3;)

Added 2017-05-02 17:29:51 UTC


alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg:"ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"; flow:to_server; content:"|84 00 00|"; byte_test:1,<,8,0,relative; byte_jump:1,0,relative,post_offset -4; content:"|00 00 00|"; within:3; byte_test:1,<,8,0,relative; reference:url,blog.exodusintel.com/2016/02/10/firewall-hacking; classtype:trojan-activity; sid:2022506; rev:2;)

Added 2016-02-11 17:38:30 UTC


Topic revision: r1 - 2021-09-22 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats