alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"ET EXPLOIT RuggedCom factory account backdoor"; flow:established,to_server; flowbits:isset,ET.RUGGED.BANNER; content:"factory"; pcre:"/factory[\r\n\x00]+[0-9]{9}/"; reference:url,www.exploit-db.com/exploits/18779/; reference:url,arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars; classtype:suspicious-login; sid:2014646; rev:7; metadata:attack_target Networking_Equipment, created_at 2012_04_28, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, updated_at 2023_04_24;)