alert udp any any -> $HOME_NET [623,664] (msg:"ET EXPLOIT IPMI Cipher 0 Authentication mode set"; content:"|07 06 10 00 00 00 00 00 00 00 00|"; offset:3; depth:11; content:"|00 00|"; distance:2; within:2; content:"|00 00 00 08 00 00 00 00 01 00 00 08 00 00 00 00 02 00 00 08 00 00 00 00|"; distance:6; within:24; reference:url,www.intel.com/content/dam/www/public/us/en/documents/product-briefs/second-gen-interface-spec-v2.pdf; reference:url,community.rapid7.com/community/metasploit/blog/2013/06/23/a-penetration-testers-guide-to-ipmi; classtype:attempted-admin; sid:2017094; rev:3; metadata:created_at 2013_07_04, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)