""ET VOIP Possible Modified Sipvicious OPTIONS Scan""

SID: 2011422

Revision: 2

Class Type: attempted-recon

Metadata: created_at 2010_09_28, updated_at 2011_03_01

Reference:

• Link

Protocol: udp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 5060

Flow:

Contents:

• Value: "OPTIONS " Depth: 8

• Value: "ccxllrlflgig|22|<sip|3A|100"

Within:

PCRE:

Special Options:

• nocase

source