May 2003
Intermediate to advanced
360 pages
10h 27m
English
The Attempted Denial of Service rule category encompasses all rules that detect DoS attacks. Rules that detect somewhat antiquated but relevant DoS attacks are included in this classification. An echo/chargen attack is an example:
alert udp any 19 <> any 7 (msg:"DOS UDP echo+chargen bomb"; classtype:attempted-dos;)
The denial of service condition detected by this signature is an echo/chargen service infinite loop. In this DoS attack, spoofed packets are used to start an infinite loop to <rewrite>.
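As an added illustration (not code from the book or from Snort itself), the Python sketch below parses the header of the rule quoted above and evaluates it against constructed packet records. It shows that the <> operator matches both directions of the port 19/port 7 exchange, while an ordinary echo request from an ephemeral port does not match. The Packet type, the function names and the 192.0.2.x addresses are assumptions made for the example, and only "any" and literal values are supported, not full Snort rule syntax.

```python
import re
from typing import NamedTuple

RULE = ('alert udp any 19 <> any 7 '   # the rule as quoted above
        '(msg:"DOS UDP echo+chargen bomb"; classtype:attempted-dos;)')

class Packet(NamedTuple):          # hypothetical minimal packet record
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')

def parse_rule(text):
    """Split a simple rule into header fields plus an options dict."""
    m = HEADER.match(text)
    if m is None:
        raise ValueError("not a rule in the simple form handled here")
    rule = m.groupdict()
    rule["options"] = dict(re.findall(r'(\w+):\s*"?([^";]+)"?\s*;', rule.pop("opts")))
    return rule

def _one_way(rule, src, sport, dst, dport):
    """Header match in one direction; 'any' is the only wildcard supported."""
    pairs = ((rule["src"], src), (rule["sport"], sport),
             (rule["dst"], dst), (rule["dport"], dport))
    return all(spec == "any" or spec == str(val) for spec, val in pairs)

def matches(rule, p):
    """True if the packet satisfies the header; '<>' also tries the reverse."""
    fwd, rev = (p.src, p.sport, p.dst, p.dport), (p.dst, p.dport, p.src, p.sport)
    return rule["proto"] == p.proto and (
        _one_way(rule, *fwd) or (rule["dir"] == "<>" and _one_way(rule, *rev)))

# Constructed sample traffic (192.0.2.0/24 is a documentation range).
SAMPLE = [
    Packet("udp", "192.0.2.10", 19, "192.0.2.20", 7),     # chargen -> echo
    Packet("udp", "192.0.2.20", 7, "192.0.2.10", 19),     # echo -> chargen
    Packet("udp", "192.0.2.30", 53124, "192.0.2.20", 7),  # ordinary echo client
    Packet("tcp", "192.0.2.10", 19, "192.0.2.20", 7),     # wrong protocol
]

if __name__ == "__main__":
    rule = parse_rule(RULE)
    print([(p.sport, p.dport, matches(rule, p)) for p in SAMPLE])
```

Rewriting the same header with -> instead of <> would match only the first sample packet, so the reply leg of the loop would go unreported.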
Other Attempted Denial of Service rules detect exceptional or unusual input delivered by an attacker with the intent to disable a system or service. By their nature, exceptional and unusual input conditions are ...