Rule History

SID: 2069043 • Source: et/open

Versions (2)

Version Details (Current)

Rev: 1 • Apr 28, 2026, 12:00 PM

ET EXPLOIT IKEv2 Invalid Fragmented IKE_AUTH (CVE-2026-33824)

alert udp any any -> $HOME_NET [500,4500] (msg:"ET EXPLOIT IKEv2 Invalid Fragmented IKE_AUTH (CVE-2026-33824)"; flow:stateless,to_server; flowbits:isset,ET.IKE.MS_Sec_VID; content:"|35 20 23 08 00 00 00 01|"; offset:16; depth:8; reference:url,www.zerodayinitiative.com/blog/2026/4/22/cve-2026-33824-remote-code-execution-in-windows-ikev2; reference:cve,2026-33824; classtype:attempted-user; sid:2069043; rev:1; metadata:attack_target Server, created_at 2026_04_28, cve CVE_2026_33824, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2026_04_28; target:dest_ip;)

Apr 28, 2026, 12:00 PM

Apr 28, 2026, 12:00 PM

Apr 28, 2026, 8:35 PM

May 18, 2026, 9:34 PM

rules/emerging-exploit.rules