""ET SCAN ICMP =XXXXXXXX Likely Precursor to Scan""
SID: 2010686
Revision: 4
Class Type: network-scan
Metadata: created_at 2010_07_30, updated_at 2015_04_15
Reference:
Protocol: icmp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow:
Contents:
- Value: "=XXXXXXXX"
Within:
PCRE:
Special Options: