Rule History

alert udp [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET INFO Observed netstat Output From Internal Host Over UDP"; content:"|0d 0a 20 20|TCP|20 20 20|"; content:"|20 20 20|ESTABLISHED|20 20 20|"; fast_pattern; classtype:misc-activity; sid:2062634; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, affected_product Windows_11, affected_product Windows_8, affected_product Windows_10, attack_target Client_and_Server, created_at 2025_05_30, deployment Perimeter, deployment Internal, confidence High, signature_severity Informational, tag AI_Generated_Description, updated_at 2025_05_30; target:dest_ip;)