# sid 2022914, rev 2: informational (ET INFO) signature for a NetBIOS Name
# Service (NBNS) response sent to UDP/137 on $HOME_NET that carries an encoded
# "WPAD" name. The msg ties it to possible WPAD spoofing / BadTunnel.
#
# Header tests (offsets count from the start of the UDP payload; field names
# follow the RFC 1002 header layout that the rule references):
#   byte 2, bit 0x80 set          -> R flag: the packet is a response
#   byte 2, bits 0x40/0x20/0x10   -> clear: the top three OPCODE bits are zero.
#                                    The fourth OPCODE bit (0x08) is not tested.
#   byte 3 == 0x00                -> remaining flag bits and RCODE are all zero
#   bytes 4-5 == 00 00            -> question count (QDCOUNT) is zero
#
# Name test:
#   |46 48 46 41 45 42 45| is ASCII "FHFAEBE", the NetBIOS half-ASCII encoding
#   of "WPA" plus only the first half of the fourth character. Any fourth
#   character with high nibble 0x4 ('@', 'A'-'O') satisfies it, not only 'D'.
#   The content has no offset/depth, so it can match anywhere in the payload.
#   `fast_pattern` selects this content for the multi-pattern prefilter.
#
# Triage notes: the source is "any any", so replies from hosts inside $HOME_NET
# match as well as external ones. Expect benign hits wherever NetBIOS WPAD
# lookups are in normal use. A reply whose source address is outside the local
# network is the case that deserves follow-up. The rule sets no threshold.
alert udp any any -> $HOME_NET 137 (msg:"ET INFO NBNS Name Query Response Possible WPAD Spoof BadTunnel?"; byte_test:1,&,0x80,2; byte_test:1,!&,0x40,2; byte_test:1,!&,0x20,2; byte_test:1,!&,0x10,2; byte_test:1,=,0x00,3; content:"|00 00|"; offset:4; depth:2; content:"|46 48 46 41 45 42 45|"; fast_pattern; reference:url,tools.ietf.org/html/draft-ietf-wrec-wpad-01; reference:url,ietf.org/rfc/rfc1002.txt; classtype:protocol-command-decode; sid:2022914; rev:2; metadata:created_at 2016_06_23, updated_at 2019_10_07;)

Added 2019-10-08 19:34:38 UTC


# sid 2022914, rev 1 (metadata: created_at and updated_at both 2016_06_23).
# Alerts on a UDP packet to $HOME_NET port 137 whose payload looks like an NBNS
# response (byte 2: 0x80 set, 0x40/0x20/0x10 clear; byte 3 == 0x00; bytes 4-5
# == 00 00) and contains "FHFAEBE", the NetBIOS-encoded prefix of "WPAD".
# Detection logic matches the rev:2 entry on this page except for the
# fast-pattern modifier: this revision uses `fast_pattern:only`, which asks the
# engine to evaluate the content in the pattern-matcher stage only.
# The source is "any any", so internal and external responders both match.
alert udp any any -> $HOME_NET 137 (msg:"ET INFO NBNS Name Query Response Possible WPAD Spoof BadTunnel?"; byte_test:1,&,0x80,2; byte_test:1,!&,0x40,2; byte_test:1,!&,0x20,2; byte_test:1,!&,0x10,2; byte_test:1,=,0x00,3; content:"|00 00|"; offset:4; depth:2; content:"|46 48 46 41 45 42 45|"; fast_pattern:only; reference:url,tools.ietf.org/html/draft-ietf-wrec-wpad-01; reference:url,ietf.org/rfc/rfc1002.txt; classtype:protocol-command-decode; sid:2022914; rev:1; metadata:created_at 2016_06_23, updated_at 2016_06_23;)

Added 2018-09-13 19:52:41 UTC


Added 2018-09-13 18:00:59 UTC


# sid 2022914, rev 1, as recorded on 2017-08-07. The rule text is identical to
# the 2018-09-13 entry: same header byte tests, same content matches, same
# metadata.
# What it matches: a UDP/137 packet to $HOME_NET with the NBNS response bit set
# (byte 2 & 0x80), the 0x40/0x20/0x10 bits of byte 2 clear, byte 3 zero, a zero
# 16-bit field at offset 4, and the 7-byte string "FHFAEBE" anywhere in the
# payload. Those seven bytes encode "WPA" plus the high nibble of the next
# character, so the match is slightly wider than the exact name "WPAD".
alert udp any any -> $HOME_NET 137 (msg:"ET INFO NBNS Name Query Response Possible WPAD Spoof BadTunnel?"; byte_test:1,&,0x80,2; byte_test:1,!&,0x40,2; byte_test:1,!&,0x20,2; byte_test:1,!&,0x10,2; byte_test:1,=,0x00,3; content:"|00 00|"; offset:4; depth:2; content:"|46 48 46 41 45 42 45|"; fast_pattern:only; reference:url,tools.ietf.org/html/draft-ietf-wrec-wpad-01; reference:url,ietf.org/rfc/rfc1002.txt; classtype:protocol-command-decode; sid:2022914; rev:1; metadata:created_at 2016_06_23, updated_at 2016_06_23;)

Added 2017-08-07 21:17:56 UTC


# sid 2022914, rev 1, in its original form without a metadata keyword.
# Informational alert for an NBNS response to $HOME_NET UDP/137 naming WPAD:
#   byte_test x4 on byte 2 -> response bit 0x80 set, bits 0x40/0x20/0x10 clear
#   byte_test on byte 3    -> equals 0x00
#   content |00 00| at 4-5 -> zero 16-bit field following the flags
#   content "FHFAEBE"      -> NetBIOS-encoded "WPA" + first nibble of next char
# classtype is protocol-command-decode and the msg ends in "?", so treat a hit
# as a lead to check (who answered, and from which network), not as a verdict.
alert udp any any -> $HOME_NET 137 (msg:"ET INFO NBNS Name Query Response Possible WPAD Spoof BadTunnel?"; byte_test:1,&,0x80,2; byte_test:1,!&,0x40,2; byte_test:1,!&,0x20,2; byte_test:1,!&,0x10,2; byte_test:1,=,0x00,3; content:"|00 00|"; offset:4; depth:2; content:"|46 48 46 41 45 42 45|"; fast_pattern:only; reference:url,tools.ietf.org/html/draft-ietf-wrec-wpad-01; reference:url,ietf.org/rfc/rfc1002.txt; classtype:protocol-command-decode; sid:2022914; rev:1;)

Added 2016-06-23 19:14:20 UTC


# sid 2022914, rev 1: earliest entry on this page (2016-06-23), no metadata
# keyword. Fires on UDP traffic from any source to $HOME_NET port 137 when the
# payload has the NBNS response bit set in byte 2 (0x80) with bits 0x40, 0x20
# and 0x10 clear, byte 3 equal to zero, bytes 4-5 equal to 00 00, and the ASCII
# string "FHFAEBE" (hex 46 48 46 41 45 42 45) present. `fast_pattern:only`
# marks that string as the prefilter pattern.
# The two reference URLs point to the WPAD draft and RFC 1002 (NetBIOS).
alert udp any any -> $HOME_NET 137 (msg:"ET INFO NBNS Name Query Response Possible WPAD Spoof BadTunnel?"; byte_test:1,&,0x80,2; byte_test:1,!&,0x40,2; byte_test:1,!&,0x20,2; byte_test:1,!&,0x10,2; byte_test:1,=,0x00,3; content:"|00 00|"; offset:4; depth:2; content:"|46 48 46 41 45 42 45|"; fast_pattern:only; reference:url,tools.ietf.org/html/draft-ietf-wrec-wpad-01; reference:url,ietf.org/rfc/rfc1002.txt; classtype:protocol-command-decode; sid:2022914; rev:1;)

Added 2016-06-23 19:13:07 UTC

