ET DOS DNS Amplification Attack Possible Inbound Windows Non-Recursive Root Hint Reserved Port

SID: 2023053Rev: 20 views
History
Sourceet/open
CreatedAugust 12, 2016
UpdatedJuly 26, 2019
Classificationbad-unknown
alert udp $EXTERNAL_NET 53 -> $HOME_NET 1:1023 (msg:"ET DOS DNS Amplification Attack Possible Inbound Windows Non-Recursive Root Hint Reserved Port"; content:"|81 00 00 01 00 00|"; depth:6; offset:2; byte_test:2,>,10,0,relative; byte_test:2,>,10,2,relative; content:"|0c|root-servers|03|net|00|"; distance:0; content:"|0c|root-servers|03|net|00|"; distance:0; threshold:type both, track by_dst, seconds 60, count 5; reference:url,twitter.com/sempersecurus/status/763749835421941760; reference:url,pastebin.com/LzubgtVb; classtype:bad-unknown; sid:2023053; rev:2; metadata:attack_target Server, created_at 2016_08_12, deployment Datacenter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2019_07_26;)

References

urltwitter.com/sempersecurus/status/763749835421941760
urlpastebin.com/LzubgtVb

Metadata

attack targetServer
created at2016_08_12
deploymentDatacenter
performance impactLow
confidenceMedium
signature severityMajor
updated at2019_07_26

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!