""ET DOS Inbound GoldenEye DoS attack""
SID: 2018208
Revision: 1
Class Type: denial-of-service
Metadata: created_at 2014_03_05, updated_at 2020_04_28
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HTTP_SERVERS
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "/?" Depth: 2
-
Value: "="
-
Value: "Keep|2d|Alive|3a|"
-
Value: "Connection|3a| keep|2d|alive"
-
Value: "Cache|2d|Control|3a|"
-
Value: "Accept|2d|Encoding|3a|"
Within: 11
PCRE: "/^Cache-Control\x3a\x20(?:max-age=0|no-cache)\r?$/Hm"
Special Options:
-
fast_pattern
-
http_uri
-
http_uri
-
http_header
-
http_header
-
http_header
-
http_header