alert udp $EXTERNAL_NET any -> $HOME_NET $DNS_PORT (msg: "[BIND] Version attempt"; content: "version.bind CH TXT"; classtype: attempted-recon; flowbits: set, recon, 86400; program: named; parse_port; parse_src_ip: 1; reference: url,wiki.quadrantsec.com/bin/view/Main/5001706; sid:5001706; rev: 2;)
-- Main.Sagan-Wiki-Add - 2015-10-21 New revisions of 5001706 will be below...
alert any $EXTERNAL_NET any -> $HOME_NET any (msg: "[BIND] Version attempt"; content: "version.bind CH TXT"; default_proto: udp; default_dst_port: $DNS_PORT; classtype: attempted-recon; xbits: set,recon,track ip_src, expire 86400; program: named; parse_port; parse_src_ip: 1; reference: url,wiki.quadrantsec.com/bin/view/Main/5001706; sid:5001706; rev: 4;)
-- Main.Sagan-Wiki-Add - 2021-4-12
Edit | Attach | Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add
Site map
Main web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback