alert tcp any 53 -> $HOME_NET any (msg:"ET HUNTING - DNS Response containing multiple DNSSEC RRSIG Entries (Algorithm 14) - Possible CVE-2023-50387 Activity"; content:"|84 90|"; offset:4; content:"|00 2e 00 01|"; fast_pattern; content:"|0e|"; distance:8; within:9; content:"|00 2e 00 01|"; distance:0; content:"|0e|"; distance:8; within:9; content:"|00 2e 00 01|"; distance:0; content:"|0e|"; distance:8; within:9; content:"|00 2e 00 01|"; distance:0; content:"|0e|"; distance:8; within:9; reference:cve,2023-50387; reference:url,github.com/knqyf263/CVE-2023-50387; classtype:denial-of-service; sid:2050979; rev:1; metadata:affected_product Any, attack_target DNS_Server, created_at 2024_02_20, cve CVE_2023_50387, deployment Perimeter, deployment Internal, performance_impact Moderate, confidence Low, signature_severity Major, updated_at 2024_02_20;)