""ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound""

SID: 2022506

Revision: 3

Class Type: trojan-activity

Metadata: created_at 2016_02_12, cve CVE_2016_1287, updated_at 2017_05_02

Reference:

Protocol: udp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 500

Flow: to_server

Contents:

  • Value: "|84 00 00|"

  • Value: "|00 00 00|"

Within: 3

PCRE:

Special Options:

source