🔔 Suspicious outgoing LDAP flow to Internet - Leak 🚱 - Or Possible Log4shell attack

SID: 3300342
Rev: 1
Source: pawpatrules
Created: December 12, 2021
Updated: December 12, 2021
Classification: policy-violation

alert tcp any any -> $EXTERNAL_NET any (msg:"🔔 Suspicious outgoing LDAP flow to Internet - Leak 🚱 - Or Possible Log4shell attack"; flow:established, to_server, no_stream; content:"|30|"; depth:1; content:"|02 01|"; distance:1; within:2; content:"|60|"; distance:1; within:1; content:"|02 01|"; distance:1; within:2; content:"|04|"; distance:1; within:1; reference:url,https://www.lunasec.io/docs/blog/log4j-zero-day/; metadata:created_at 2021_12_12, updated_at 2021_12_12; sid:3300342; rev:1; classtype:policy-violation;)

Metadata

created at: 2021_12_12
updated at: 2021_12_12
