#alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; classtype:attempted-dos; sid:2003067; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2018-09-13 19:38:30 UTC

Added 2018-09-13 17:53:06 UTC

#alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; classtype:attempted-dos; sid:2003067; rev:5; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 20:56:26 UTC

#alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; classtype:attempted-dos; sid:2003067; rev:5;)

Added 2011-10-12 19:12:48 UTC

#alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; classtype:attempted-dos; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; sid:2003067; rev:5;)

Added 2011-09-14 22:25:46 UTC

#alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; classtype:attempted-dos; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS06-035; sid:2003067; rev:5;)

Added 2011-02-04 17:22:14 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS06-035; sid:2003067; rev:5;)

Added 2009-02-07 22:00:25 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; reference:url,doc.emergingthreats.net/bin/view/Main/2003067; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_MS06-035; sid:2003067; rev:5;)

Added 2009-02-07 22:00:25 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; sid:2003067; rev:4;)

Added 2008-05-18 19:52:13 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; sid:2003067; rev:4;)

Added 2008-05-18 19:52:13 UTC

alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; sid:2003067; rev:3;)

Added 2008-01-25 10:56:38 UTC

alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; sid:2003067; rev:3;)

Added 2008-01-25 10:56:38 UTC

alert tcp any any -> $HOME_NET 445 (msg:"BLEEDING-EDGE EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT "; flow:to_server,established; content:"|00|"; depth:1; content:"|FF|SMB%"; within:5; distance:3; byte_test:1,!&,128,6,relative; pcre:"/^.{27}/sR"; content:"|03|"; distance:21; content:"|01 00 00 00 00 00|"; distance:1; within:6; byte_test:2,=,17,0,little,relative; content:"|5C|MAILSLOT|5C|"; within:10; distance:2; reference:url,www.milw0rm.com/exploits/2057; reference:url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx; classtype:attempted-dos; sid:2003067; rev:2;)