alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "ET DOS squ1rt Apache DoS?"; flow: to_server,established; flowbits:isset,http.get; dsize: 1448; content:"|20202020|"; depth: 4; content:"|20202020|"; offset: 1436; depth: 4; reference:cve,2004-0942; classtype: attempted-dos; reference:url,doc.emergingthreats.net/bin/view/Main/2001636; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Apache_Squ1rt; sid: 2001636; rev:6;)

Added 2009-02-06 19:00:55 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "ET DOS squ1rt Apache DoS?"; flow: to_server,established; flowbits:isset,http.get; dsize: 1448; content:"|20202020|"; depth: 4; content:"|20202020|"; offset: 1436; depth: 4; reference:cve,2004-0942; classtype: attempted-dos; reference:url,doc.emergingthreats.net/bin/view/Main/2001636; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Apache_Squ1rt; sid: 2001636; rev:6;)

Added 2009-02-06 19:00:55 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "ET DOS squ1rt Apache DoS?"; flow: to_server,established; flowbits:isset,http.get; dsize: 1448; content:"|20202020|"; depth: 4; content:"|20202020|"; offset: 1436; depth: 4; reference:cve,2004-0942; classtype: attempted-dos; sid: 2001636; rev:5;)

Added 2008-01-25 10:03:39 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "ET DOS squ1rt Apache DoS?"; flow: to_server,established; flowbits:isset,http.get; dsize: 1448; content:"|20202020|"; depth: 4; content:"|20202020|"; offset: 1436; depth: 4; reference:cve,2004-0942; classtype: attempted-dos; sid: 2001636; rev:5;)

Added 2008-01-25 10:03:39 UTC

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg: "BLEEDING-EDGE DOS squ1rt Apache DoS?"; flow: to_server,established; flowbits:isset,http.get; dsize: 1448; content:"|20202020|"; depth: 4; content:"|20202020|"; offset: 1436; depth: 4; reference:cve,2004-0942; classtype: attempted-dos; sid: 2001636; rev:4; )