This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS for CVE-2020-16898 / CVE-2020-16899

Hi,

About Sophos IPS and the recently hyped CVE Ping of Death / Bad Neighbour:

Snort has detections for the attack on CVE-2020-16898 / CVE-2020-16899

Those are:
https://www.snort.org/rule_docs/1-55984
https://www.snort.org/rule_docs/1-55993

There is a new Sophos IPS Document / Pattern V 9.17.53

Sophos IPS shows different names for the patterns than Snort.
That made them a bit difficult to find on my XG.
Sophos' IDs are
2304055
2304163

Current IPS Detections on XG for those ICMP IPv6 attacks contain the CVE ID in their name:

OS-WINDOWS Microsoft Windows CVE-2020-16898 IPV6 Stack Overflow Vulnerability | 2304055 | os-windows | 1 - Critical | Windows | Server | Drop packet
OS-WINDOWS Microsoft Windows CVE-2020-16898 IPV6 Stack Overflow Vulnerability | 2304163 | os-windows | 1 - Critical | Windows | Server | Drop packet

Thanks for the quick implementation of the patterns!


