alert tcp any any -> $HOME_NET 3389 (msg:"ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt"; flow:to_server,established; content:"|03 00|"; depth:2; content:"|7f 65 82 01 94|"; distance:24; within:5; content:"|30 19|"; distance:9; within:2; byte_test:1,<,6,3,relative; reference:url,msdn.microsoft.com/en-us/library/cc240836.aspx; reference:cve,2012-0002; classtype:attempted-admin; sid:2014383; rev:2;)

Added 2012-03-14 18:30:59 UTC


Topic revision: r1 - 2012-03-14 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats