🐾 - 🚨 MDNS query response over IPv6 observed 👀 - 2 ways to attack 🥷 Windows 🪟 device - Suricata Rule 3300148 (pawpatrules)

🐾 - 🚨 MDNS query response over IPv6 observed 👀 - 2 ways to attack 🥷 Windows 🪟 device

SID: 3300148Rev: 20 views

Sourcepawpatrules

CreatedMarch 20, 2023

UpdatedMarch 27, 2023

Classificationpolicy-violation

alert udp any 5353 -> ff02::fb 5353 (msg:"🐾 - 🚨 MDNS query response over IPv6 observed 👀 - 2 ways to attack 🥷 Windows 🪟 device"; flow:to_client, stateless; threshold:type limit, track by_src,count 1, seconds 43200; content:"|84 00 00 00 00 01 00 00 00 00|"; fast_pattern; reference:url,https://www.crowe.com/cybersecurity-watch/poisoning-attacks-round-2-beyond-netbios-llmnr; metadata:created_at 2023_03_20, updated_at 2023_03_27; sid:3300148; rev:2; classtype:policy-violation;)

References

url	https://www.crowe.com/cybersecurity-watch/poisoning-attacks-round-2-beyond-netbios-llmnr

🐾 - 🚨 MDNS query response over IPv6 observed 👀 - 2 ways to attack 🥷 Windows 🪟 device

References

Metadata

Comments (0)