ET DOS LOIC Javascript DDoS Outbound
Sourceet/open
Fileemerging-dos.rules
CreatedJanuary 23, 2012
UpdatedApril 12, 2024
Classificationattempted-dos
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DOS LOIC Javascript DDoS Outbound"; flow:established,to_server ; threshold:type both, track by_src, count 5, seconds 60 ; http.method; content:"GET"; http.uri; content:"/?id="; fast_pattern; startswith; content:"&msg="; distance:13; within:5; pcre:"/^\/\?id=[0-9]{13}&msg=/"; reference:url,isc.sans.org/diary/Javascript+DDoS+Tool+Analysis/12442 ; reference:url,www.wired.com/threatlevel/2012/01/anons-rickroll-botnet ; classtype:attempted-dos; sid:2014141; rev:7; metadata:created_at 2012_01_23, signature_severity Major, updated_at 2024_04_12;)
References
Metadata
created at2012_01_23
signature severityMajor
updated at2024_04_12
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!