[Snort-sigs] HTTP Get Flood

Mohammad Rastgoo mohammad at ...4014...
Sat Feb 14 19:41:36 EST 2015


Thanks for reading this.

My site has been receiving attacks for a while now and I've been able to
stop them using snort + pfsense. Most of them were stopped just by using
uri-content in the rule.

Today I've been receiving Get attacks on the main page. It really seems too
simple but any rule I have tried has not blocked any IP addresses.

Would someone please guide me to the right direction?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20150214/4705ba2e/attachment.html>

More information about the Snort-sigs mailing list