alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS? Tool"; flow:to_server,established; content:"Referer|3a 20|"; http_header; content:"/slowhttptest/"; http_header; fast_pattern:only; pcre:"/Referer\x3a\x20[^\r\n]*\/slowhttptest\//Hi"; threshold: type both, track by_src, count 15, seconds 30; reference:url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read; classtype:web-application-activity; sid:2014103; rev:4; metadata:created_at 2012_01_09, updated_at 2012_01_09;)

Added 2017-08-07 21:07:26 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS? Tool"; flow:to_server,established; content:"Referer|3a 20|"; http_header; content:"/slowhttptest/"; http_header; fast_pattern:only; pcre:"/Referer\x3a\x20[^\r\n]*\/slowhttptest\//Hi"; threshold: type both, track by_src, count 15, seconds 30; reference:url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read; classtype:web-application-activity; sid:2014103; rev:4;)

Added 2016-05-25 19:02:07 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS? Tool"; flow:to_server,established; content:"Referer|3a 20|"; http_header; content:"/slowhttptest/"; http_header; fast_pattern:only; pcre:"/Referer\x3a\x20[^\r\n]*\/slowhttptest\//Hi"; threshold: type both, track by_src, count 15, seconds 30; reference:url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read; classtype:web-application-activity; sid:2014103; rev:4;)

Added 2016-05-25 17:50:12 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS? Tool"; flow:to_server,established; content:"Referer|3a 20|http|3a|//code.google.com/p/slowhttptest/"; http_header; threshold: type both, track by_src, count 15, seconds 30; reference:url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read; classtype:web-application-activity; sid:2014103; rev:2;)

Added 2014-04-14 19:22:50 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Unusually Fast HTTP Requests With Referrer Url Matching DoS? Tool"; flow:to_server,established; content:"Referer|3a 20|http|3a|//code.google.com/p/slowhttptest/"; http_header; threshold: type both, track by_src, count 15, seconds 30; reference:url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read; classtype:web-application-activity; sid:2014103; rev:1;)

Added 2012-01-09 22:46:50 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats