""ET DOS Excessive Large Tree Connect Response""
SID: 2023831
Revision: 3
Class Type: attempted-dos
Metadata: affected_product SMBv3, attack_target Client_and_Server, created_at 2017_02_03, deployment Datacenter, signature_severity Major, updated_at 2022_05_03
Reference:
Protocol: tcp
Source Network: any
Source Port: 445
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_client
Contents:
-
Value: "|fe 53 4d 42 40 00|" Depth: 6 Offset: 4
-
Value: "|03 00|" Depth: 2 Offset: 16
Within:
PCRE:
Special Options: