Rule History

SID: 2103235 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 3 • Sep 23, 2010, 12:00 PM

Message:

GPL NETBIOS Messenger message overflow attempt

Rule:

alert udp $EXTERNAL_NET any -> $HOME_NET 135 (msg:"GPL NETBIOS Messenger message overflow attempt"; content:"|04 00|"; depth:2; byte_test:1,!&,16,2,relative; content:"|F8 91|{Z|00 FF D0 11 A9 B2 00 C0|O|B6 E6 FC|"; within:16; distance:22; content:"|00 00|"; within:2; distance:28; byte_jump:4,18,align,relative; byte_jump:4,8,align,relative; byte_test:4,>,1024,8,relative; reference:bugtraq,8826; reference:cve,2003-0717; classtype:attempted-admin; sid:2103235; rev:3; metadata:created_at 2010_09_23, confidence Medium, signature_severity Informational, updated_at 2019_07_26;)

Created:

Sep 23, 2010, 12:00 PM

Updated:

Jul 26, 2019, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-netbios.rules