# ET sid 2011403, rev 3: outbound HTTP flood traffic attributed to the Yoyo-DDoS bot.
# Scope: established TCP flows, client-to-server, from $HOME_NET to $EXTERNAL_NET on
#   $HTTP_PORTS, so a hit identifies a host in $HOME_NET as the sender of the requests.
# Match: two literal header lines, each restricted to the HTTP header buffer (http_header):
#   "Accept-Encoding: g{ip, deflate" - |7b| is '{', one code point after the 'z' of "gzip"
#   "Connection: Keep-Alivf"         - 'f' is one code point after the 'e' of "Keep-Alive"
#   Neither content carries nocase, so both matches are case-sensitive.
# fast_pattern:14,12 hands the pattern matcher only bytes 14-25 of the second content,
#   i.e. "Keep-Alivf" followed by CRLF.
# threshold: type limit, count 5, seconds 60, track by_src -> at most 5 alerts per source
#   address per 60 seconds, so alert counts do not reflect the number of flood requests.
# NOTE(review): both contents start with |0d 0a|; confirm that the sensor's http_header
#   buffer still has a CRLF in front of the header when it is the first one in the request.
# NOTE(review): the in-rule threshold keyword is deprecated in Snort 2.x in favour of
#   event_filter / detection_filter - confirm what the target engine expects.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding|3A| g|7b|ip|2C| deflate|0d 0a|"; http_header; content:"|0d 0a|Connection|3A| Keep|2D|Alivf|0d 0a|"; fast_pattern:14,12; http_header; threshold:type limit, count 5, seconds 60, track by_src; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; classtype:denial-of-service; sid:2011403; rev:3;)

Added 2012-10-18 01:34:53 UTC


# ET sid 2011403 as recorded on 2011-10-12: outbound Yoyo-DDoS HTTP flood detection.
# Scope: established, client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# Match: the literal header lines "Accept-Encoding: g{ip, deflate" (|7b| is '{') and
#   "Connection: Keep-Alivf", each wrapped in CRLF. No http_header modifier is present,
#   so both contents are searched in the raw payload; no nocase, so case-sensitive.
# threshold: type limit, count 5, seconds 60, track by_src -> at most 5 alerts per source
#   address per 60 seconds.
# NOTE(review): this entry carries rev:1 although the page dates it after a rev:2 entry
#   (2010-08-31) - verify the revision number before importing this text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding|3A| g|7b|ip|2C| deflate|0d 0a|"; content:"|0d 0a|Connection|3A| Keep|2D|Alivf|0d 0a|"; threshold:type limit, count 5, seconds 60, track by_src; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; classtype:denial-of-service; sid:2011403; rev:1;)

Added 2011-10-12 19:31:56 UTC


# ET sid 2011403 as recorded on 2011-02-04: outbound Yoyo-DDoS HTTP flood detection.
# Scope: established, client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# Match: raw-payload search (no http_header modifier) for two CRLF-wrapped header lines,
#   "Accept-Encoding: g{ip, deflate" (|7b| is '{') and "Connection: Keep-Alivf";
#   both are case-sensitive because nocase is not set.
# threshold: type limit, count 5, seconds 60, track by_src -> at most 5 alerts per source
#   address per 60 seconds.
# NOTE(review): rev:1 here follows a rev:2 entry dated 2010-08-31 on this page - verify
#   the revision number before importing this text.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding|3A| g|7b|ip|2C| deflate|0d 0a|"; content:"|0d 0a|Connection|3A| Keep|2D|Alivf|0d 0a|"; threshold:type limit, count 5, seconds 60, track by_src; classtype:denial-of-service; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; sid:2011403; rev:1;)

Added 2011-02-04 17:31:13 UTC


# ET sid 2011403, rev 2 (recorded 2010-08-31): outbound Yoyo-DDoS HTTP flood detection.
# Scope: established, client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# Match: two case-sensitive contents searched in the raw payload (no http_header):
#   "Accept-Encoding: g{ip, deflate" (|7b| is '{') and "Connection: Keep-Alivf",
#   each preceded and followed by CRLF.
# threshold: type limit, count 5, seconds 60, track by_src -> at most 5 alerts per source
#   address per 60 seconds.
# Besides the Arbor write-up, this revision carries two emergingthreats.net reference URLs.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ( msg:"ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding|3A| g|7b|ip|2C| deflate|0d 0a|"; content:"|0d 0a|Connection|3A| Keep|2D|Alivf|0d 0a|"; threshold:type limit, count 5, seconds 60, track by_src; classtype:denial-of-service; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; reference:url,doc.emergingthreats.net/2011403; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Yoyo; sid:2011403; rev:2;)

Added 2010-08-31 16:04:32 UTC


# ET sid 2011403, rev 2 (second entry with the 2010-08-31 timestamp on this page).
# Scope: established, client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# Match: raw-payload, case-sensitive search for the CRLF-wrapped header lines
#   "Accept-Encoding: g{ip, deflate" (|7b| is '{') and "Connection: Keep-Alivf".
# threshold: type limit, count 5, seconds 60, track by_src -> at most 5 alerts per source
#   address per 60 seconds.
# NOTE(review): sid and rev match the other 2010-08-31 entry; loading both into one
#   ruleset would duplicate the signature id - keep a single copy.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ( msg:"ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding|3A| g|7b|ip|2C| deflate|0d 0a|"; content:"|0d 0a|Connection|3A| Keep|2D|Alivf|0d 0a|"; threshold:type limit, count 5, seconds 60, track by_src; classtype:denial-of-service; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; reference:url,doc.emergingthreats.net/2011403; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Yoyo; sid:2011403; rev:2;)

Added 2010-08-31 16:04:32 UTC


# ET sid 2011403, rev 1 (earliest entry on this page, 2010-08-27): outbound Yoyo-DDoS
#   HTTP flood detection.
# Scope: established, client-to-server TCP from $HOME_NET to $EXTERNAL_NET on $HTTP_PORTS.
# Match: two literal, case-sensitive contents searched in the raw payload:
#   "Accept-Encoding: g{ip, deflate" (|7b| is '{', not the 'z' of "gzip") and
#   "Connection: Keep-Alivf" (not "Keep-Alive"), each wrapped in CRLF.
# threshold: type limit, count 5, seconds 60, track by_src -> at most 5 alerts per source
#   address per 60 seconds, so alert counts understate the request rate.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS ( msg:"ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding|3A| g|7b|ip|2C| deflate|0d 0a|"; content:"|0d 0a|Connection|3A| Keep|2D|Alivf|0d 0a|"; threshold:type limit, count 5, seconds 60, track by_src; classtype:denial-of-service; reference:url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/; sid:2011403; rev:1;)

Added 2010-08-27 13:21:43 UTC

