""ET VOIP Possible Misuse Call from Cisco ooh323""

SID: 2021066

Revision: 1

Class Type: misc-attack

Metadata: created_at 2015_05_07, updated_at 2015_05_07

Reference:

• Link

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 1720

Flow: to_server,established

Contents:

• Value: "|28 06|cisco|00|" Depth: 8 Offset: 14

• Value: "|b8 00 00 27 05|ooh323|06|"

Within: 60

PCRE:

Special Options:

source