""ET DOS DNS Amplification Attack Possible Inbound Windows Non-Recursive Root Hint Reserved Port""
SID: 2023053
Revision: 2
Class Type: bad-unknown
Metadata: attack_target Server, created_at 2016_08_12, deployment Datacenter, performance_impact Low, updated_at 2016_08_12
Reference:
Protocol: udp
Source Network: $EXTERNAL_NET
Source Port: 53
Destination Network: $HOME_NET
Destination Port: 1:1023
Flow:
Contents:
-
Value: "|81 00 00 01 00 00|" Depth: 6 Offset: 2
-
Value: "|0c|root-servers|03|net|00|"
-
Value: "|0c|root-servers|03|net|00|"
Within:
PCRE:
Special Options: