Rule History

alert dns $HOME_NET any -> any any (msg:"ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (ns4.hostasa.org)"; threshold:type both,track by_src,count 10,seconds 120; dns.query; content:"ns4.hostasa.org"; depth:15; fast_pattern; nocase; endswith; reference:md5,3c49b5160b981f06bd5242662f8d0a54; classtype:trojan-activity; sid:2021330; rev:5; metadata:created_at 2015_06_24, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_09_17;)