"ET DOS Excessive Large Tree Connect Response"

SID: 2023831

Revision: 3

Class Type: attempted-dos

Metadata: affected_product SMBv3, attack_target Client_and_Server, created_at 2017_02_03, deployment Datacenter, signature_severity Major, updated_at 2022_05_03

Reference:

Protocol: tcp

Source Network: any

Source Port: 445

Destination Network: $HOME_NET

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "|fe 53 4d 42 40 00|" Depth: 6 Offset: 4

  • Value: "|03 00|" Depth: 2 Offset: 16

Within:

PCRE:

Special Options:
