ET DOS Inbound GoldenEye DoS attack

7.0.35.0SID: 2018208Rev: 6Disabled1 views
Sourceet/open
Fileemerging-dos.rules
CreatedMarch 5, 2014
UpdatedApril 18, 2024
Classificationdenial-of-service
alert http1 $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DOS Inbound GoldenEye DoS attack"; flow:established,to_server; threshold:type both, track by_src, count 100, seconds 300; http.uri; content:"/?"; fast_pattern; startswith; content:"="; distance:3; within:11; pcre:"/^\/\?[a-zA-Z0-9]{3,10}=[a-zA-Z0-9]{3,20}(?:&[a-zA-Z0-9]{3,10}=[a-zA-Z0-9]{3,20})*?$/"; http.connection; content:"keep|2d|alive"; startswith; http.header; content:"Keep|2d|Alive|3a|"; content:"Cache|2d|Control|3a|"; pcre:"/^Cache-Control\x3a\x20(?:max-age=0|no-cache)\r?$/m"; content:"Accept|2d|Encoding|3a|"; reference:url,github.com/jseidl/GoldenEye; classtype:denial-of-service; sid:2018208; rev:6; metadata:created_at 2014_03_05, deprecation_reason Performance, performance_impact Significant, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_18;)

Metadata

created at2014_03_05
deprecation reasonPerformance
performance impactSignificant
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_04_18

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!