""ET SCAN Apache mod_deflate DoS via many multiple byte Range values""
SID: 2013473
Revision: 3
Class Type: attempted-dos
Metadata: created_at 2011_08_26, updated_at 2011_08_26
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "Range|3a|"
-
Value: "bytes="
-
Value: ","
-
Value: ","
-
Value: ","
-
Value: !"|0d 0a|"
Within: 12
PCRE: "/Range\x3a\s?bytes=[-0-9,\x20]{100}/iH"
Special Options:
-
nocase
-
http_header
-
http_header
-
fast_pattern
-
nocase
-
http_header
-
http_header
-
http_header
-
http_header