Rule History

alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Modified Sipvicious Sundayddr Scanner (sipsscuser)"; content:"From|3A 20 22|sipsscuser|22|"; threshold: type limit, count 1, seconds 60, track by_src; reference:url,code.google.com/p/sipvicious/; reference:url,blog.sipvicious.org/; reference:url,honeynet.org.au/?q=sunday_scanner; classtype:attempted-recon; sid:2012204; rev:4; metadata:attack_target Networking_Equipment, tls_state plaintext, created_at 2011_01_20, deployment Perimeter, deployment Internet, performance_impact Low, confidence High, signature_severity Informational, updated_at 2024_12_03;)