#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type both, track by_src, count 100, seconds 60; reference:url,doc.emergingthreats.net/2009414; classtype:attempted-dos; sid:2009414; rev:4;)

Added 2014-09-08 17:51:17 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; reference:url,doc.emergingthreats.net/2009414; classtype:attempted-dos; sid:2009414; rev:3;)

Added 2011-10-12 19:27:19 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009414; sid:2009414; rev:3;)

Added 2011-09-14 22:40:41 UTC


#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009414; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Nkiller2; sid:2009414; rev:3;)

Added 2011-05-24 18:47:26 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009414; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Nkiller2; sid:2009414; rev:3;)

Added 2011-02-04 17:28:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009414; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Nkiller2; sid:2009414; rev:3;)

Added 2009-06-22 19:30:34 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; reference:url,doc.emergingthreats.net/2009414; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Nkiller2; sid:2009414; rev:3;)

Added 2009-06-22 19:30:34 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; sid:2009414; rev:2;)

Added 2009-06-22 16:30:35 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; sid:2009414; rev:2;)

Added 2009-06-22 16:30:35 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DOS Large amount of TCP ZeroWindow? - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold: type threshold, track by_src,count 100, seconds 60; classtype:attempted-dos; sid:2009414; rev:1;)

Added 2009-06-19 15:15:35 UTC


Topic revision: r1 - 2014-09-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats