alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET NETBIOS Remote SMB2.0 DoS Exploit"; flow:to_server,established; content:"|ff|SMB|72 00 00 00 00 18 53 c8|"; offset:4; content:!"|00 00|"; within:2; reference:url,securityreason.com/exploitalert/7138; classtype:attempted-dos; sid:2009886; rev:4; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, updated_at 2019_07_26;)