ATTACK [PTsecurity] Attempt to crash named using malformed RNDC packet

SID: 10000006Rev: 30 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-dos
alert tcp any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Attempt to crash named using malformed RNDC packet"; flow:established, to_server; content:"_auth"; depth:20; fast_pattern; content:!"|01 00 00 00|"; distance:10; within:4; content:"_ctrl"; content:"_ser"; content:"_tim"; content:"_exp"; reference:cve, 2016-1285; classtype:attempted-dos; reference:url, github.com/ptresearch/AttackDetection; sid:10000006; rev:3;)

References

cve2016-1285
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!