EmergingThreats> Main Web>2008116 (2017-01-25, DarienH) EditAttach

alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4; metadata:created_at 2010_07_30, updated_at 2017_01_25;)

Added 2018-09-13 19:39:40 UTC

Added 2018-09-13 17:53:45 UTC

alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4; metadata:created_at 2010_07_30, updated_at 2017_01_25;)

Added 2017-08-07 21:01:18 UTC

alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4;)

Added 2017-01-25 17:30:20 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:3;)

Added 2011-10-12 19:24:28 UTC

Hello. Can you please consider rule modification.

Broadcast IP address 255.255.255.255 can be excluded from destination because it is not External Net . Writing TFTP is critical functionality for Avaya IP Office.

http://ipo.wikidot.com/tftps

PCAP in attachment

Thank you!

-- MaksymParpaley - 2017-01-16

Hi. Please exclude 255.255.255.255 as destination in External Net var.

-- MaksymParpaley - 2017-01-25

Will add today. Thanks!

-- DarienH - 2017-01-25

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; sid:2008116; rev:3;)

Added 2011-09-14 22:37:57 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)

Added 2011-02-04 17:27:13 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)

Added 2009-09-15 12:00:41 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)

Added 2009-09-15 12:00:41 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:2;)

Added 2009-02-11 19:15:24 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:2;)

Added 2009-02-11 19:15:24 UTC

alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; sid:2008116; rev:1;)

Added 2008-04-09 09:23:49 UTC

Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r4 - 2017-01-25 - DarienH
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats