alert tcp any 2067 -> $EXTERNAL_NET any (msg:"ET DELETED DLSw Information Disclosure CVE-2014-7992"; flow:established,from_server; content:"Cisco"; nocase; pcre:"/^(?: Systems|\.com\/techsupport)/Ri"; threshold:type both,count 1,seconds 60,track by_dst; reference:url,www.fishnetsecurity.com/6labs/blog/cisco-dlsw-leakage-allows-retrieval-packet-contents-remote-routers; reference:url,github.com/tatehansen/dlsw_exploit; reference:cve,2014-7992; classtype:trojan-activity; sid:2019778; rev:3; metadata:created_at 2014_11_24, signature_severity Unknown, updated_at 2023_01_19, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery;)