#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.1|3b| Trident/4.0"; http_header; threshold: type threshold, track by_src, count 100, seconds 30; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; reference:url,doc.emergingthreats.net/2009413; classtype:attempted-dos; sid:2009413; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:02:33 UTC


##alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.1|3b| Trident/4.0"; http_header; threshold: type threshold, track by_src, count 100, seconds 30; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; reference:url,doc.emergingthreats.net/2009413; classtype:attempted-dos; sid:2009413; rev:4;)

Added 2011-10-12 19:27:19 UTC


##alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.1|3b| Trident/4.0"; http_header; threshold: type threshold, track by_src, count 100, seconds 30; classtype:attempted-dos; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; reference:url,doc.emergingthreats.net/2009413; sid:2009413; rev:4;)

Added 2011-09-14 22:40:41 UTC


##alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent|3a| Mozilla/4.0 (compatible|3b| MSIE 7.0|3b| Windows NT 5.1|3b| Trident/4.0"; http_header; threshold: type threshold, track by_src, count 100, seconds 30; classtype:attempted-dos; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; reference:url,doc.emergingthreats.net/2009413; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Slowliris; sid:2009413; rev:4;)

Added 2011-02-04 17:28:44 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DOS Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent\: Mozilla/4.0 (compatible\; MSIE 7.0\; Windows NT 5.1\; Trident/4.0"; offset:30; depth:90; threshold: type threshold, track by_src, count 100, seconds 30; classtype:attempted-dos; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; reference:url,doc.emergingthreats.net/2009413; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Slowliris; sid:2009413; rev:2;)

Added 2009-06-22 19:30:34 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DOS Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent\: Mozilla/4.0 (compatible\; MSIE 7.0\; Windows NT 5.1\; Trident/4.0"; offset:30; depth:90; threshold: type threshold, track by_src, count 100, seconds 30; classtype:attempted-dos; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; reference:url,doc.emergingthreats.net/2009413; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Slowliris; sid:2009413; rev:2;)

Added 2009-06-22 19:30:34 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DOS Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt"; flow:to_server,established; content:"GET /"; depth:5; content:"User-Agent\: Mozilla/4.0 (compatible\; MSIE 7.0\; Windows NT 5.1\; Trident/4.0"; offset:30; depth:90; threshold: type threshold, track by_src, count 100, seconds 30; classtype:attempted-dos; reference:url,isc.sans.org/diary.html?storyid=6601; reference:url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html; sid:2009413; rev:1;)

Added 2009-06-19 15:00:37 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats