""ET ACTIVEX - DNS Response containing multiple DNSSEC RRSIG Entries (Algorithm 14) - Possible CVE-2023-50387 Activity""
SID: 2050979
Revision: 1
Class Type: denial-of-service
Metadata: affected_product Any, attack_target DNS_Server, created_at 2024_02_20, cve CVE_2023_50387, deployment Perimeter, deployment Internal, performance_impact Moderate, confidence Medium, signature_severity Major, updated_at 2024_02_20
Reference:
Protocol: tcp
Source Network: any
Source Port: 53
Destination Network: $HOME_NET
Destination Port: any
Flow:
Contents:
- Value: "|84 90|"
Offset: 4
-
Value: "|00 2e 00 01|"
-
Value: "|0e|"
-
Value: "|00 2e 00 01|"
-
Value: "|0e|"
-
Value: "|00 2e 00 01|"
-
Value: "|0e|"
-
Value: "|00 2e 00 01|"
-
Value: "|0e|"
Within: 9
PCRE:
Special Options:
- fast_pattern