Versions (3)
Version DetailsCurrent
Rev: 5 • Sep 30, 2011, 12:00 PMET SCADA Rockwell RNA Message Large Header Length - 8Kb
alert tcp any !443 -> $HOME_NET [1330,1331,1332,4241,4242,4445,4446,5241,6543,9111,60093,49281] (msg:"ET SCADA Rockwell RNA Message Large Header Length - 8Kb"; flow:established,to_server; content:"rna|f2|"; startswith; fast_pattern; byte_test:4,>,0x2000,0,relative,little; classtype:attempted-dos; sid:2049795; rev:5; metadata:attack_target ICS, created_at 2011_09_30, cve CVE_2011_3489, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_12_27, reviewed_at 2024_03_06, former_sid 2803783; target:dest_ip;)
Sep 30, 2011, 12:00 PM
Dec 27, 2023, 12:00 PM
Dec 20, 2023, 11:00 PM
Aug 15, 2025, 8:34 PM
rules/emerging-scada.rules