alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4; metadata:created_at 2010_07_30, updated_at 2017_01_25;)
Added 2018-09-13 19:39:40 UTC
Added 2018-09-13 17:53:45 UTC
alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4; metadata:created_at 2010_07_30, updated_at 2017_01_25;)
Added 2017-08-07 21:01:18 UTC
alert udp $HOME_NET any -> [$EXTERNAL_NET,!255.255.255.255] 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:4;)
Added 2017-01-25 17:30:20 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; reference:url,doc.emergingthreats.net/2008116; classtype:policy-violation; sid:2008116; rev:3;)
Added 2011-10-12 19:24:28 UTC
Hello. Can you please consider rule modification.
Broadcast IP address 255.255.255.255 can be excluded from destination because it is not External Net . Writing TFTP is critical functionality for Avaya IP Office.
http://ipo.wikidot.com/tftps
PCAP in attachment
Thank you!
--
MaksymParpaley - 2017-01-16
Hi. Please exclude 255.255.255.255 as destination in External Net var.
--
MaksymParpaley - 2017-01-25
Will add today. Thanks!
--
DarienH - 2017-01-25
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; sid:2008116; rev:3;)
Added 2011-09-14 22:37:57 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET TFTP Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)
Added 2011-02-04 17:27:13 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)
Added 2009-09-15 12:00:41 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:policy-violation; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:3;)
Added 2009-09-15 12:00:41 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:2;)
Added 2009-02-11 19:15:24 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; reference:url,doc.emergingthreats.net/2008116; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/POLICY/POLICY_TFTP; sid:2008116; rev:2;)
Added 2009-02-11 19:15:24 UTC
alert udp $HOME_NET any -> $EXTERNAL_NET 69 (msg:"ET POLICY Outbound TFTP Write Request"; content:"|00 02|"; depth:2; classtype:bad-unknown; sid:2008116; rev:1;)
Added 2008-04-09 09:23:49 UTC