Blog | G5 Cyber Security

Microsoft IIS FTP Vulnerability – bad detection

The SITE command in the released exploit is used to store shellcode in memory. There are plenty of other ways to store shellcode in memory before triggering this vulnerability. If you have rules that don’t conform to this, you need to look for ways to make the rule “fail” as quickly as possible. Use something like isdataat to determine whether the packet is actually that big before doing the check. If you don’t do this, the effect is cumulative and performance can then become an issue.
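The fail-fast idea above, as an added Python model (not code from the original post or from Snort): a cheap isdataat-style length test runs before the expensive pattern check, and the number of expensive checks is counted with and without it. The keyword `CMD `, the 200-byte threshold and the sample packets are constructed for illustration.

```python
import re

# Constructed values for illustration; not taken from any published rule.
KEYWORD = b"CMD "          # hypothetical FTP command prefix
MIN_ARG = 200              # hypothetical "suspiciously long argument" size
LONG_ARG = re.compile(rb"[^\r\n]{%d}" % MIN_ARG)   # stands in for a costly pcre

def isdataat(payload, cursor, n):
    """Simplified model of `isdataat:n,relative;`:
    true if a byte exists n bytes past the end of the previous match."""
    return cursor + n < len(payload)

def evaluate(payload, fail_fast):
    """Evaluate one packet. Returns (alert, expensive_checks_run)."""
    if not payload.startswith(KEYWORD):      # cheap content match
        return False, 0
    cursor = len(KEYWORD)
    # Fail fast: the argument cannot be MIN_ARG bytes long unless the
    # payload has data MIN_ARG - 1 bytes past the cursor.
    if fail_fast and not isdataat(payload, cursor, MIN_ARG - 1):
        return False, 0
    # Expensive check, still required: length alone is not a verdict.
    return LONG_ARG.match(payload, cursor) is not None, 1

def scan(packets, fail_fast):
    """Return (alerts, expensive_checks_run) over a packet list."""
    alerts = runs = 0
    for p in packets:
        hit, n = evaluate(p, fail_fast)
        alerts += hit
        runs += n
    return alerts, runs

def sample_traffic():
    """Constructed traffic: mostly short commands, one oversized argument,
    and one large packet whose first line is short (must not alert)."""
    short = [b"CMD help\r\n"] * 1000
    oversized = b"CMD " + b"A" * 300 + b"\r\n"
    pipelined = b"CMD " + b"A" * 50 + b"\r\n" + b"B" * 300
    return short + [oversized, pipelined, b"NOOP\r\n"]

if __name__ == "__main__":
    pkts = sample_traffic()
    print("without isdataat:", scan(pkts, fail_fast=False))
    print("with isdataat:   ", scan(pkts, fail_fast=True))
```

Both modes raise the same alert; only the number of expensive checks changes, which is the cumulative cost the paragraph refers to.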

Source: https://blog.talosintelligence.com/2009/09/microsoft-iis-ftp-vulnerability-bad.html
