ATTACK [PTsecurity] ISC BIND DNS TSIG authentication bypass successful (CVE-2017-3143)

SID: 10001508Rev: 20 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationsuccessful-admin
alert dns any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] ISC BIND DNS TSIG authentication bypass successful (CVE-2017-3143)"; flow:from_server; content:"|00 FA|"; content:"|00 00 00 00|"; distance:2; within:4; content:"|0B|hmac-sha256|00|"; within:15; byte_test:2, >, 0, 8, relative; flowbits:isset,CVE.2017-3143.attempt; flowbits:unset,CVE.2017-3143.attempt; reference:cve, 2017-3143; reference:url, http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf; classtype:successful-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10001508; rev:2;)

References

cve2017-3143
urlhttp://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!