ATTACK [PTsecurity] BadTunnel ISATAP spoofing attempt via NBNS

SID: 10000053Rev: 10 views

Sourceptresearch/attackdetection

CreatedMarch 30, 2022

UpdatedMarch 30, 2022

Classificationattempted-recon

alert udp $EXTERNAL_NET 137 -> $HOME_NET 137 (msg:"ATTACK [PTsecurity] BadTunnel ISATAP spoofing attempt via NBNS"; flow:no_stream; content:"|45 4A 46 44 45 42 46 45 45 42 46 41|"; offset:13; depth:12; threshold:type limit, track by_dst, count 1, seconds 30; reference:url, xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope/; reference:cve, 2016-3236; classtype:attempted-recon; reference:url, github.com/ptresearch/AttackDetection; sid:10000053; rev:1;)

References

url	xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope/
cve	2016-3236
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!