""ET EXPLOIT Possible CVE-2014-6271 malicious DNS response""

SID: 2019402

Revision: 1

Class Type: attempted-admin

Metadata: created_at 2014_10_15, cve CVE_2014_6271, updated_at 2014_10_15

Reference:

• Link

Protocol: udp

Source Network: $EXTERNAL_NET

Source Port: 53

Destination Network: $HOME_NET

Destination Port: any

Flow:

Contents:

• Value: "|28 29 20 7b|"

Within:

PCRE:

Special Options:

source