China DDoS Agent Rules

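# Vendor-format signatures. classtype:high, cvss, gid:0,3 and fsid do not appear
# to be stock Snort values/keywords, so these three lines are assumed to target
# the IPS product the author used - confirm before loading them elsewhere.
# The typographic quotes from the blog rendering are restored to plain ASCII
# quotes, which rule parsers require.
#
# Tuning note: every rule matches "any any -> any any" on a very short payload,
# so unrelated traffic can trigger them. Scope addresses/ports to the monitored
# network and validate against known-good traffic before alerting on them.

# Fires on a TCP payload of exactly 8 bytes (dsize:8) containing "sendtest".
alert tcp any any -> any any (msg:"Fuen yun 17.0 DDoS Agent Detection"; content:"sendtest"; dsize:8; classtype:high; cvss:70; gid:0,3; fsid:01090013;)
# Fires when the payload starts with bytes 11 00 00 00 (depth:4), contains a
# dotted-quad of digits, and contains a literal "|" (\x7c) followed by one of
# the listed keywords. Presumably a command carrying a target address and an
# attack type - the page does not say.
alert tcp any any -> any any (msg:"HwangChan DDoS Agent Detection"; content:"|11 00 00 00|"; depth:4; pcre:"/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/"; pcre:"/\x7c(icmp|http|syn|udp|tcp|luyon|cc|moni|mir)/"; classtype:high; cvss:70; gid:0,3; fsid:01090014;)
# Fires on a TCP payload of exactly 4 bytes (dsize:4) containing "MTIz", which
# is the Base64 encoding of "123". Four generic bytes: high false-positive risk.
alert tcp any any -> any any (msg:"Yu2006 DDoS Agent Detection"; content:"MTIz"; dsize:4; classtype:high; cvss:70; gid:0,3; fsid:01090015;)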

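# Plain Snort-style versions of the same three signatures, without the
# vendor-specific options. Typographic quotes from the blog rendering are
# restored to ASCII quotes, and the closing ";)" of the last rule (rendered as
# an emoticon on the page) is restored.
#
# NOTE: stock Snort requires a unique sid on every rule (local rules
# conventionally use 1000000 and above) and normally a rev; the page gives
# neither, so assign them locally before loading.
# NOTE: "any any -> any any" on payloads this short will match unrelated
# traffic. Consider adding flow:established and scoping with $HOME_NET /
# $EXTERNAL_NET, then validate against known-good traffic.

# Exactly 8 payload bytes (dsize:8) containing "sendtest".
alert tcp any any -> any any (msg:"Fuen yun 17.0 DDoS Agent Detection"; content:"sendtest"; dsize:8; )

# Payload starts with 11 00 00 00 (depth:4), contains a dotted-quad of digits,
# and contains a literal "|" (\x7c) followed by one of the listed keywords.
alert tcp any any -> any any (msg:"HwangChan DDoS Agent Detection"; content:"|11 00 00 00|"; depth:4; pcre:"/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/"; pcre:"/\x7c(icmp|http|syn|udp|tcp|luyon|cc|moni|mir)/"; )

# Exactly 4 payload bytes (dsize:4) containing "MTIz" (Base64 of "123").
alert tcp any any -> any any (msg:"Yu2006 DDoS Agent Detection"; content:"MTIz"; dsize:4; )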
