ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack - Suricata Rule 2009414 (et/open)

ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack

SID: 2009414Rev: 40 viewsHistory

Sourceet/open

CreatedJuly 30, 2010

UpdatedJuly 26, 2019

Classificationattempted-dos

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack"; flags:A; window:0; threshold:type both, track by_src, count 100, seconds 60; classtype:attempted-dos; sid:2009414; rev:4; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)

Metadata

created at2010_07_30

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_07_26

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!