ATTACK [PTsecurity] BadTunnel NBNS response after NBSTAT query
Source: ptresearch/attackdetection
Created: December 13, 2021
Updated: December 13, 2021
Classification: attempted-recon
alert udp $EXTERNAL_NET 137 -> $HOME_NET 137 (msg:"ATTACK [PTsecurity] BadTunnel NBNS response after NBSTAT query"; flow:no_stream; byte_test:1,&,0x80,2; content:!"|00 00|"; offset:6; depth:2; threshold:type limit, track by_dst, count 1, seconds 30; xbits:isset,BadTunnelStage1,track ip_dst; reference:url, xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope/; reference:cve, 2016-3236; classtype:attempted-recon; reference:url, github.com/ptresearch/AttackDetection; sid:10000051; rev:2;)