alert udp any any -> $HOME_NET 5060 (msg:"ATTACK [PTSecurity] Cisco ASA and Cisco FTD possible DoS (CVE-2018-15454)"; flow:no_stream; content:"SIP|2f|"; nocase; content:"Via:"; nocase; distance:0; content:"SIP|2f|"; nocase; distance:0; content:"|2f|UDP"; nocase; distance:0; within:10; content:"0.0.0.0"; distance:0; within:15; fast_pattern; content:"branch="; nocase; distance:0; reference:url, www.securityfocus.com/bid/105768/; reference:cve, 2018-15454; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10004025; rev:1;)