""ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound""
SID: 2022506
Revision: 3
Class Type: trojan-activity
Metadata: created_at 2016_02_12, cve CVE_2016_1287, updated_at 2017_05_02
Reference:
Protocol: udp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: 500
Flow: to_server
Contents:
-
Value: "|84 00 00|"
-
Value: "|00 00 00|"
Within: 3
PCRE:
Special Options: