"ET DOS Possible SSDP Amplification Scan in Progress"
SID: 2019102
Revision: 1
Class Type: attempted-dos
Metadata: created_at 2014_09_03, updated_at 2014_09_03
Reference:
Protocol: udp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 1900
Flow:
Contents:
- Value: "M-SEARCH * HTTP/1.1"
- Value: "ST|3a 20|ssdp|3a|all|0d 0a|"
Within:
PCRE:
Special Options:
- nocase
- fast_pattern