ATTACK [PTsecurity] Possible DNS Rebinding attack

SID: 10002490Rev: 10 views
Sourceptresearch/attackdetection
CreatedMarch 30, 2022
UpdatedMarch 30, 2022
Classificationattempted-admin
alert udp any 53 -> $HOME_NET any (msg:"ATTACK [PTsecurity] Possible DNS Rebinding attack"; flow:established, from_server; content:"|00 01 00 01|"; offset:4; depth:4; content:"|00 01 00 01 00 00 00 00 00 04 7F 00 00 01|"; distance:0; threshold:type both, track by_src, count 1, seconds 30; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002490; rev:1;)

References

urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!