ATTACK [PTsecurity] SSLv2 Hello flood. Possible DROWN attack

SID: 10000010Rev: 110 views

Sourceptresearch/attackdetection

CreatedMarch 30, 2022

UpdatedMarch 30, 2022

Classificationattempted-recon

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ATTACK [PTsecurity] SSLv2 Hello flood. Possible DROWN attack"; flow:established,to_server; ssl_version:sslv2; ssl_state:client_hello; content:"|01 00 02|"; offset:2; depth:3; threshold:type both, track by_src, count 30, seconds 10; reference:url, drownattack.com; reference:cve, 2016-0800; classtype:attempted-recon; reference:url, github.com/ptresearch/AttackDetection; sid:10000010; rev:1;)

References

url	drownattack.com
cve	2016-0800
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!