Attempted Denial of Service

The Attempted Denial of Service rule category encompasses all rules that detect DoS attacks. Rules that detect somewhat antiquated but relevant DoS attacks are included in this classification. An echo/chargen attack is an example:

alert udp any 19 <> any 7 (msg:"DOS UDP echo+chargen bomb"; classtype:attempted-dos;)

The denial of service condition that is detected by this signature is an echo/chargen service infinite loop. In this DoS attack, spoofed packets are used to start an infinite loop to <rewrite>.
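The following is an added example, not code from the book or from Snort: a small Python matcher that applies the rule's header (protocol, ports, and the bidirectional `<>` operator) to packet summaries. The packet tuples are constructed sample data using documentation address ranges, the function names are hypothetical, and only `any` and literal header values are handled.

```python
import re
from collections import namedtuple

# Constructed packet summaries, not captured traffic
Packet = namedtuple("Packet", "proto src sport dst dport")

RULE = 'alert udp any 19 <> any 7 (msg:"DOS UDP echo+chargen bomb"; classtype:attempted-dos;)'

def parse_rule(rule):
    """Split a rule into its seven header fields plus the msg option."""
    header, _, options = rule.partition("(")
    action, proto, src, sport, direction, dst, dport = header.split()
    msg = re.search(r'msg:"([^"]*)"', options)
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport,
            "msg": msg.group(1) if msg else ""}

def _field(rule_value, pkt_value):
    # Assumption: only 'any' and literal values; no ranges, lists, CIDR or variables
    return rule_value == "any" or rule_value == str(pkt_value)

def _one_way(r, src, sport, dst, dport):
    return (_field(r["src"], src) and _field(r["sport"], sport)
            and _field(r["dst"], dst) and _field(r["dport"], dport))

def header_matches(r, pkt):
    if r["proto"] != pkt.proto:
        return False
    if _one_way(r, pkt.src, pkt.sport, pkt.dst, pkt.dport):
        return True
    # '<>' also tests the packet with its endpoints swapped
    return r["direction"] == "<>" and _one_way(r, pkt.dst, pkt.dport, pkt.src, pkt.sport)

def alerts(rule, packets):
    r = parse_rule(rule)
    return [(r["msg"], p) for p in packets if header_matches(r, p)]

SAMPLE = [
    Packet("udp", "192.0.2.10", 19, "198.51.100.5", 7),     # chargen -> echo
    Packet("udp", "198.51.100.5", 7, "192.0.2.10", 19),     # echo -> chargen (reply leg)
    Packet("udp", "192.0.2.10", 53000, "198.51.100.5", 7),  # ordinary echo request
    Packet("tcp", "192.0.2.10", 19, "198.51.100.5", 7),     # wrong protocol
    Packet("udp", "192.0.2.10", 19, "198.51.100.5", 53),    # wrong destination port
]

if __name__ == "__main__":
    for msg, pkt in alerts(RULE, SAMPLE):
        print(msg, pkt)
```

With `<>` both legs of the loop raise an alert; rewriting the rule with `->` would report only the port 19 to port 7 leg.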

Other Attempted Denial of Service rules detect exceptional or unusual input delivered by an attacker with the intent to disable a system or service. By their nature, exceptional and unusual input conditions are ...
