Rule History

alert http [$HOME_NET,$HTTP_SERVERS] any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET HUNTING Possible UPnP UUID Overflow Exploit Attempt from Internal Host - SUBSCRIBE/UNSUBSCRIBE"; flow:established,to_server; http.method; content:"SUBSCRIBE"; http.header; content:"UUID|3a 20|"; fast_pattern; pcre:"/^[^\r\n]{100,}/R"; classtype:unknown; sid:2034496; rev:1; metadata:created_at 2021_11_18, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_11_18;)