Rule History

SID: 2011402 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 6 • Sep 28, 2010, 12:00 PM

Message:

ET MALWARE Yoyo-DDoS Bot HTTP Flood Attack Inbound

Rule:

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE Yoyo-DDoS Bot HTTP Flood Attack Inbound"; flow:established,to_server; http.header; content:"|0d 0a|Accept-Encoding|3a 20|g|7b|ip|2c 20|deflate|0d 0a|"; http.connection; bsize:10; content:"Keep|2D|Alivf"; fast_pattern; threshold:type limit, count 5, seconds 60, track by_src; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; classtype:denial-of-service; sid:2011402; rev:6; metadata:created_at 2010_09_28, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_05;)

Created:

Sep 28, 2010, 12:00 PM

Updated:

Mar 5, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Dec 8, 2025, 10:34 PM

Filename:

rules/emerging-malware.rules