ET INFO RMI Request Outbound
Sourceet/open
Fileemerging-info.rules
CreatedDecember 14, 2021
UpdatedMarch 14, 2024
Classificationpolicy-violation
alert tcp [$HOME_NET,$HTTP_SERVERS] any -> $EXTERNAL_NET any (msg:"ET INFO RMI Request Outbound"; flow:established,to_server ; flowbits:isnotset,ET.RMIRequest ; flowbits:set,ET.RMIRequest ; stream_size:server,<,5 ; content:"|4a 52 4d 49 00|"; startswith; fast_pattern; pcre:"/^(?:\x01|\x02)(?:\x4b|\x4c|\x4d)/R" ; reference:url,docs.oracle.com/javase/9/docs/specs/rmi/protocol.html ; reference:url,github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/lib/rex/proto/rmi/model.rb ; classtype:policy-violation; sid:2034718; rev:4; metadata:attack_target Client_and_Server, created_at 2021_12_14, deployment Perimeter, confidence High, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_14;)
References
Metadata
attack targetClient_and_Server
created at2021_12_14
deploymentPerimeter
confidenceHigh
signature severityInformational
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!