Rule History

SID: 10000495 • Source: ptrules/open

Versions (6)

Version Details • Current

Rev: 1 • Jul 24, 2025, 5:44 PM

ATTACK [PTsecurity] Apple macOS 10.12.1/iOS 10 OCSP DDoS Attempt (CVE-2016-7636)

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg: "ATTACK [PTsecurity] Apple macOS 10.12.1/iOS 10 OCSP DDoS Attempt (CVE-2016-7636)"; flow: established, from_server, only_stream; content: "|16 03|"; depth: 2; content: "|16 03|"; content: "|0B|"; distance: 3; within: 1; content: "|30 83|"; content: "|30|"; distance: 3; within: 1; content: "|06 08 2B 06 01 05 05 07 30 02 86|"; distance: 1; within: 11; byte_jump: 1, 0, relative; content: "|30|"; content: "|06 08 2B 06 01 05 05 07 30 02 86|"; distance: 1; within: 11; byte_jump: 1, 0, relative; content: "|30|"; pcre: "/(?:[^\x06]+\x06\x08\x2B\x06\x01\x05\x05\x07\x30\x02\x86){10,}/"; reference: cve, 2016-7636; reference: url, cxsecurity.com/issue/WLB-2016100213; reference: url, rules.ptsecurity.com; classtype: attempted-dos; sid: 10000495; rev: 1;)

Jul 24, 2025, 5:44 PM

Jul 24, 2025, 5:44 PM

Oct 16, 2025, 10:34 AM

Oct 16, 2025, 10:34 AM

rules/ptopen-attacks.rules