[Snort-sigs] New sig for detecting NTPd DoS

rmkml rmkml at ...4129...
Fri Dec 2 15:14:10 EST 2016


Hi,

Please check a new sig for detecting NTPd DoS:

alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"MISC Ntp v4.2.7.p22 / v4.3.0 DoS attempt"; dsize:1; content:"X"; reference:cve,2016-7434; reference:url,cxsecurity.com/issue/WLB-2016110197; classtype:attempted-dos; sid:1; rev:1; )

Don't forget to check variables.

Please send any comments.

Regards
@Rmkml
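
An added example, not part of the original post: a small Python evaluator that parses the rule above and tests it against constructed UDP datagrams, so the header variables and the dsize/content options can be sanity-checked before the rule is loaded. The VARS values, the packet records and all function names are assumptions made for illustration, and only the option syntax shown in the comments is handled.

```python
import ipaddress
import re

# Rule from the post, joined onto one line as Snort expects.
RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 123 (msg:"MISC Ntp v4.2.7.p22 / '
        'v4.3.0 DoS attempt"; dsize:1; content:"X"; reference:cve,2016-7434; '
        'reference:url,cxsecurity.com/issue/WLB-2016110197; '
        'classtype:attempted-dos; sid:1; rev:1; )')
# Assumed variable values (constructed); substitute your sensor's own.
VARS = {"$HOME_NET": "192.0.2.0/24", "$EXTERNAL_NET": "any"}

def parse_rule(rule):
    """Split a rule into header fields and an ordered (key, value) option list."""
    _act, proto, src, _sport, _dir, dst, dport = rule[:rule.index("(")].split()
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    # Options end at ';' outside double quotes.
    raw = [o.strip().partition(":") for o in re.findall(r'((?:"[^"]*"|[^;"])+);', body)]
    return {"proto": proto, "src": src, "dst": dst, "dport": dport,
            "opts": [(k, v.strip('"')) for k, _, v in raw]}

def in_net(spec, ip):
    """Resolve an address field through VARS and test membership."""
    spec = VARS.get(spec, spec)
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def decode_content(value):
    """Decode content syntax: literal text with |hex bytes| sections."""
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode("latin-1")
                    for i, p in enumerate(value.split("|")))

def dsize_ok(spec, n):
    """Evaluate dsize:N, dsize:<N or dsize:>N against the payload length."""
    ops = {"<": n < int(spec.lstrip("<>")), ">": n > int(spec.lstrip("<>"))}
    return ops.get(spec[0], n == int(spec.lstrip("<>")))

def matches(rule, pkt):
    """True if a packet record satisfies the rule header and payload options."""
    r = parse_rule(rule)
    header_ok = (pkt["proto"] == r["proto"] and str(pkt["dport"]) == r["dport"]
                 and in_net(r["src"], pkt["src"]) and in_net(r["dst"], pkt["dst"]))
    payload = pkt["payload"]
    checks = {"dsize": lambda v: dsize_ok(v, len(payload)),
              "content": lambda v: decode_content(v) in payload}
    return header_ok and all(checks[k](v) for k, v in r["opts"] if k in checks)

def pkt(payload, dst="192.0.2.10", dport=123):
    """Build a constructed UDP datagram record (addresses are documentation ranges)."""
    return {"proto": "udp", "src": "203.0.113.7", "dst": dst,
            "dport": dport, "payload": payload}
```

The evaluator ignores sid; Snort's documentation reserves SIDs below 1,000,000 for distributed rules, so a local copy of a rule normally gets a SID of 1,000,000 or higher.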



