Rule History

SID: 2030339 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 2 • Jun 15, 2020, 12:00 PM

Message:

ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)

Rule:

alert http $EXTERNAL_NET any -> any any (msg:"ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)"; flow:established,to_server; http.method; content:"SUBSCRIBE"; http.header; content:"CALLBACK|3a 20|"; fast_pattern; nocase; content:"<http"; distance:0; content:"><http"; distance:0; pcre:"/^Callback\x3a\x20<http[^>]+><http/mi"; reference:url,github.com/yunuscadirci/CallStranger; reference:cve,2020-12695; classtype:attempted-dos; sid:2030339; rev:2; metadata:affected_product UPnP, attack_target IoT, created_at 2020_06_15, cve CVE_2020_12695, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_12_11;)

Created:

Jun 15, 2020, 12:00 PM

Updated:

Dec 11, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 18, 2025, 8:36 PM

Filename:

rules/emerging-dos.rules