Versions (4)
Version DetailsCurrent
Rev: 2 • May 26, 2020, 12:00 PMET EXPLOIT Possible DNS BIND TSIG Denial of Service Attempt (CVE-2020-8617)
alert dns $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible DNS BIND TSIG Denial of Service Attempt (CVE-2020-8617)"; content:"|00|"; distance:0; byte_extract:1,1,rec_name,relative; content:"|00 00 fa 00 ff|"; distance:rec_name; within:5; fast_pattern; content:"|00 10 00 00|"; endswith; reference:cve,2020-8617; classtype:denial-of-service; sid:2030221; rev:2; metadata:attack_target DNS_Server, created_at 2020_05_26, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_03_24;)
May 26, 2020, 12:00 PM
Mar 24, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 18, 2025, 8:36 PM
rules/emerging-exploit.rules