""ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)""
SID: 2030339
Revision: 2
Class Type: attempted-dos
Metadata: affected_product UPnP, attack_target IoT, created_at 2020_06_15, cve CVE_2020_12695, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2020_06_15
Reference:
-
cve
-
2020-12695
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: any
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "SUBSCRIBE"
-
Value: "CALLBACK|3a|"
-
Value: "<http"
-
Value: "<http"
Within:
PCRE: "/^Callback\x3a\x20
Special Options:
-
http_method
-
http_header
-
fast_pattern
-
nocase
-
http_header
-
http_header