Versions (3)
Version DetailsCurrent
Rev: 2 • Jan 21, 2025, 12:00 PMET DOS Possible Brute Force Attack Using FastHTTP
alert http $EXTERNAL_NET any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET DOS Possible Brute Force Attack Using FastHTTP"; flow:established,to_server; http.user_agent; bsize:8; content:"fasthttp"; fast_pattern; threshold:type both,track by_src,count 1000,seconds 5; reference:url,github.com/valyala/fasthttp; reference:url,speartip.com/fasthttp-used-in-new-bruteforce-campaign; classtype:misc-activity; sid:2059376; rev:2; metadata:attack_target Client_Endpoint, tls_state plaintext, created_at 2025_01_21, deployment Perimeter, former_category MALWARE, confidence Medium, signature_severity Minor, tag DDoS, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_01_22;)
Jan 21, 2025, 12:00 PM
Jan 22, 2025, 12:00 PM
Jan 21, 2025, 10:34 PM
Jul 7, 2025, 9:34 PM
rules/emerging-dos.rules