alert udp any any -> any 53 (msg:"ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M4"; content:"|00 00 00 01|"; depth:4; offset:2; content:"|00 01|"; distance:4; within:2; pcre:"/^[^\x00]+\x00/R"; content:"|00 f9|"; within:2; fast_pattern; pcre:"/^..[^\x00]+\x00/Rs"; content:!"|00 f9|"; within:2; threshold:type limit, track by_src, seconds 60, count 1; reference:cve,2015-5477; classtype:attempted-dos; sid:2021575; rev:4; metadata:created_at 2015_08_01, cve CVE_2015_5477, confidence Medium, signature_severity Major, updated_at 2023_05_24;)