🐾 - 🚨 MDNS for TCP service 🤕 in use - Multicast query observed

SID: 3300153Rev: 40 views
History
Sourcepawpatrules
CreatedMay 29, 2023
UpdatedJanuary 5, 2025
Classificationpolicy-violation
alert udp any 5353 -> 224.0.0.251 5353 (msg:"🐾 - 🚨 MDNS for TCP service 🤕 in use - Multicast query observed"; flow:to_server, stateless; threshold:type limit, track by_src,count 1, seconds 43200; content:"|00 00 00 00 00 01 00 00 00 00 00 00|"; fast_pattern; content:"|5f 74 63 70|"; content:"|00 0c 00 01|"; content:!"|5f 67 6f 6f 67 6c 65 63 61 73 74|"; content:!"|5f 6d 69 63 72 6f 73 6f 66 74 5f 6d 63 63 04 5f 74 63 70 05 6c 6f 63 61 6c |"; reference:url,https://github.com/eldraco/Sapito/blob/master/mDNS-services.txt; metadata:created_at 2023_05_29, updated_at 2025_01_05; sid:3300153; rev:4; classtype:policy-violation;)

References

urlhttps://github.com/eldraco/Sapito/blob/master/mDNS-services.txt

Metadata

created at2023_05_29
updated at2025_01_05

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!