Rule History

SID: 2025090 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 2 • Jun 14, 2016, 12:00 PM

Message:

ET NETBIOS Tree Connect AndX Request IPC$ Unicode

Rule:

alert tcp any any -> any [139,445] (msg:"ET NETBIOS Tree Connect AndX Request IPC$ Unicode"; flow:established,to_server; content:"|00|"; depth:1; content:"|FF|SMBu"; within:5; distance:3; content:"| 00 5c 00 69 00 70 00 63 00 24 00 00 00|"; nocase; flowbits:set,smb.tree.connect.ipc; flowbits:noalert; reference:cve,2006-4691; classtype:protocol-command-decode; sid:2025090; rev:2; metadata:created_at 2016_06_14, signature_severity Minor, updated_at 2020_08_20;)

Created:

Jun 14, 2016, 12:00 PM

Updated:

Aug 20, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-netbios.rules