2006915 < Main < EmergingThreats

EmergingThreats>

Main Web>2006915 (2008-01-08, TWikiGuest)

#alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006915; rev:3;)

Added 2007-10-10 06:31:36 UTC

#alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006915; rev:3;)

Added 2007-10-10 06:31:36 UTC

alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006915; rev:3;)

Added 2007-08-11 12:25:12 UTC

alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac+[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; metadata:service dns; reference:url,crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006915; rev:2;)

Added 2007-08-11 05:31:45 UTC

alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT EVENTS DNS-Rebinding Attack 172.16.x.x/12 (local IP from remote DNS Server)"; content: "|c0 0c 00 01 00 01|"; content: "|00 04 ac|"; within:3; distance:4; pcre:"/\xac++[\x10|\x11|\x12|\x13|\x14|\x15|\x16|\x17|\x18|\x19|\x1a|\x1b|\x1c|\x1d|\x1e|\x1f]/"; metadata:service dns; reference: http://crypto.stanford.edu/dns/; classtype:misc-attack; sid:2006915; rev:1;)

Added 2007-08-10 01:20:19 UTC

Edit | Attach | Print version | History: r1 | Backlinks | Raw View | WYSIWYG | More topic actions

Topic revision: r1 - 2008-01-08 - TWikiGuest

Main

Log In or Register

User Reference
ATasteOfTWiki
TextFormattingRules

Signature Reference
WebRss Feed
EmergingFAQ

Copyright © Emerging Threats