""ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 2""

SID: 2022515

Revision: 2

Class Type: trojan-activity

Metadata: created_at 2016_02_12, cve CVE_2016_1287, updated_at 2017_05_02

Reference:

• Link

Protocol: udp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 500

Flow: to_server

Contents:

• Value: "|84 20|" Depth: 2 Offset: 16

Within:

PCRE:

Special Options:

source