Signature giving me problems.:

alert udp $HOME_NET 5351 -> $EXTERNAL_NET any (msg:”ET EXPLOIT Possible Malicious NAT-PMP Response to External Network”; dsize:12; content:”|80 00 00|”; offset:1; depth:3; classtype:attempted-admin; sid:2019490; rev:2;)

Alert: From 10.0.1.1 (Internal GW)

To 224.0.0.1 (?)
ET EXPLOIT Possible Malicious NAT-PMP Response to External Network

https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities