"ET EXPLOIT Possible Malicious NAT-PMP Response to External Network"

SID: 2019490

Revision: 3

Class Type: attempted-admin

Metadata: created_at 2014_10_22, updated_at 2017_01_06

Reference:

Protocol: udp

Source Network: $HOME_NET

Source Port: 5351

Destination Network: [!224.0.0.1,$EXTERNAL_NET]

Destination Port: any

Flow:

Contents:

  • Value: "|80 00 00|" Depth: 3 Offset: 1

Within:

PCRE:

Special Options:
