BIND 9 Exploit Detection Rule

alert udp any any -> $HOME_NET 53 (msg:”ET CURRENT_EVENTS ISC BIND9 Update DoS”; content:”|00 2a 08 68 6d 61 63 2d 6d 64 35 07 73 69 67 2d 61 6c 67 03 72 65 67 03 69 6e 74 00|”; content:”|35 99 52 00 4e|”; classtype:misc-attack; reference:url,downloads.securityfocus.com/vulnerabilities/exploits/35848.txt; reference:url,www.isc.org/node/474; sid:2009695; rev:1;)

Advertisements

About this entry