snort rule for LOIC and slow loris


This topic contains 1 reply, has 0 voices, and was last updated by  yat 6 years, 8 months ago.

  • #43411

    yat
    Member

    Snort rules for LOIC and Slowloris:

    alert tcp any any -> any 80 (msg:"SLR - LOIC DoS Tool HTTP Mode"; flags:PA; content:"GET / HTTP/1.0"; sid:1234569; rev:1;)

    alert tcp any any -> any 80 (msg:"SLR - LOIC DoS Tool TCP Mode"; flags:PA; content:"|65 73 75 64 65 73 75 64 65 73 75 7e|"; sid:1234570; rev:1;)

    alert udp any any -> any 80 (msg:"SLR - LOIC DoS Tool UDP Mode"; content:"|65 73 75 64 65 73 75 64 65 73 75 7e|"; threshold: type threshold, track by_src, count 100, seconds 5; sid:1234571; rev:1;)

    alert tcp any any -> any any (msg:"DDOS Slowloris flooding the network"; content:"NOTIFY * HTTP/1.1"; sid:1234572; rev:1;)

    alert udp any any -> any any (msg:"DDOS Slowloris flooding the network UDP"; content:"NOTIFY * HTTP/1.1"; sid:1234573; rev:1;)
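
An added example, not part of the original post: a small Python check that rejects rules pasted with typographic quotes, decodes each `content` pattern (including `|..|` hex sections) and reports which of the posted sids a payload would trigger. The helper names and the payloads used with it are constructed for illustration, and the matcher ignores `flags` and `threshold`.

```python
import re

# Three of the rules from the post, written with straight ASCII quotes.
RULES = [
    'alert tcp any any -> any 80 (msg:"SLR - LOIC DoS Tool HTTP Mode"; flags:PA; '
    'content:"GET / HTTP/1.0"; sid:1234569; rev:1;)',
    'alert udp any any -> any 80 (msg:"SLR - LOIC DoS Tool UDP Mode"; '
    'content:"|65 73 75 64 65 73 75 64 65 73 75 7e|"; threshold: type threshold, '
    'track by_src, count 100, seconds 5; sid:1234571; rev:1;)',
    'alert udp any any -> any any (msg:"DDOS Slowloris flooding the network UDP"; '
    'content:"NOTIFY * HTTP/1.1"; sid:1234573; rev:1;)',
]

def decode_content(pattern: str) -> bytes:
    """Turn a Snort content string into bytes; text between pipes is hex."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:  # odd segments sit between a pair of pipes
            out += bytes.fromhex(part.replace(" ", ""))
        else:
            out += part.encode("latin-1")
    return bytes(out)

def parse_rule(rule: str) -> dict:
    """Extract protocol, destination port, sid and content patterns."""
    if re.search("[\u201c\u201d\u2033]", rule):
        raise ValueError("typographic quotes in rule; use ASCII double quotes")
    header, options = rule.split("(", 1)
    _action, proto, _src, _sport, _arrow, _dst, dport = header.split()
    sid = int(re.search(r"sid:\s*(\d+)", options).group(1))
    contents = [decode_content(c) for c in re.findall(r'content:"([^"]*)"', options)]
    return {"proto": proto, "dport": dport, "sid": sid, "contents": contents}

def matching_sids(proto: str, dport: int, payload: bytes) -> list:
    """Sids whose protocol, port and every content pattern match the payload."""
    hits = []
    for r in map(parse_rule, RULES):
        port_ok = r["dport"] in ("any", str(dport))
        if r["proto"] == proto and port_ok and all(c in payload for c in r["contents"]):
            hits.append(r["sid"])
    return hits

if __name__ == "__main__":
    # Constructed payloads: an HTTP/1.0 request line and an SSDP-style announcement.
    print(matching_sids("tcp", 80, b"GET / HTTP/1.0\r\n\r\n"))
    print(matching_sids("udp", 1900, b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"))
```

Running a rule set through a check like this before loading it shows which benign traffic each `content` match would also fire on, here any UDP payload carrying the `NOTIFY * HTTP/1.1` request line.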
