alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT RST Flood With Window"; flow:no_stream,to_server; flags:R; window:!0; threshold:type both, track by_dst, seconds 1, count 101; reference:url,www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf; reference:cve,2016-5696; classtype:misc-attack; sid:2023141; rev:2; metadata:affected_product Linux, attack_target Server, created_at 2016_08_29, deployment Perimeter, performance_impact Significant, signature_severity Major, updated_at 2019_07_26;)