🔔 Suspicious outgoing LDAP flow to Internet on port 1389 - Possible Log4shell POC attack

SID: 3309628
Rev: 1
Source: pawpatrules
Created: December 12, 2021
Updated: December 12, 2021
Classification: policy-violation
alert tcp any any -> $EXTERNAL_NET 1389 (msg:"🔔 Suspicious outgoing LDAP flow to Internet on port 1389 - Possible Log4shell POC attack"; flow:established, to_server, no_stream; content:"|30|"; depth:1; content:"|02 01|"; fast_pattern; distance:1; within:2; content:"|60|"; distance:1; within:1; content:"|02 01|"; distance:1; within:2; content:"|04|"; distance:1; within:1; reference:url,https://github.com/christophetd/log4shell-vulnerable-app; metadata:created_at 2021_12_12, updated_at 2021_12_12; sid:3309628; rev:1; classtype:policy-violation;)

Metadata

created at: 2021_12_12
updated at: 2021_12_12
