alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DOS LOIC POST"; flow:established,to_server; threshold:type limit, track by_src, count 1, seconds 300; http.method; content:"POST"; http.request_body; content:"13"; depth:2; content:"=MSG"; fast_pattern; distance:11; within:4; pcre:"/^13\d{11}/"; classtype:web-application-attack; sid:2016030; rev:5; metadata:created_at 2012_12_14, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_05_06;)