""ET POLICY Anonymous LDAPv3 Bind Request Outbound""

SID: 2034704

Revision: 3

Class Type: policy-violation

Metadata: attack_target Client_and_Server, created_at 2021_12_14, deployment Perimeter, signature_severity Informational, updated_at 2021_12_20

Reference:

• Link

Protocol: tcp

Source Network: [$HOME_NET,$HTTP_SERVERS]

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: any

Flow: established,to_server

Contents:

• Value: "|30 0c 02 01|" Depth: 4

• Value: "|60 07 02 01 03 04 00 80 00|"

Within:

PCRE:

Special Options:

source