Versions (4)
Version DetailsCurrent
Rev: 3 • Aug 1, 2015, 12:00 PMET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1
alert udp any any -> any 53 (msg:"ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1"; content:"|01 00 00 01 00 01|"; depth:6; offset:2; pcre:"/^.{4}[^\x00]+\x00/R"; content:"|00 f9|"; within:2; fast_pattern; pcre:"/^..[^\x00]+\x00/Rs"; content:!"|00 f9|"; within:2; threshold:type limit, track by_src, seconds 60, count 1; reference:cve,2015-5477; classtype:attempted-dos; sid:2021572; rev:3; metadata:created_at 2015_08_01, cve CVE_2015_5477, confidence Medium, signature_severity Major, updated_at 2023_05_24;)
Aug 1, 2015, 12:00 PM
May 24, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules