Rule History

alert udp $EXTERNAL_NET any -> $HOME_NET [137,138,139,445] (msg:"ET NETBIOS Microsoft Windows Server 2003 Active Directory Pre-Auth BROWSER ELECTION Heap Overflow Attempt"; content:"|42 4F 00|"; content:"BROWSER"; nocase; distance:0; content:"|08 09 A8 0F 01 20|"; fast_pattern; distance:0; isdataat:65,relative; content:!"|0A|"; within:65; reference:url,tools.cisco.com/security/center/viewAlert.x?alertId=22457; reference:bid,46360; classtype:attempted-admin; sid:2012317; rev:2; metadata:created_at 2011_02_18, confidence Low, signature_severity Major, updated_at 2019_07_26;)