ws-discovery-dos

https://github.com/initconf/ws-discovery-dos
1 0 0 0 Last Push 10/7/19, 10:37 PM

Simple policy to detect ws-discovery DNS amplification attack

Following functionality are provided by the script

:: 1) identifies spoofed traffic and subsiquent DNS amplification attack 2) builds you a list of possible sources which are responding to 3072/udp DNS amplification attack

Installation

bro-pkg install bro/initconf/ws-discovery-dos or @load ws-discovery-dos/scripts

Detailed Notes:

Detail Alerts and descriptions: Following alerts are generated by the script:

Heuristics are simple: check for

This should generate following Kinds of notices:

Example notice:

Example Summary Notice:

Package Version :

Description :

udp-scan

Script Dir :

scripts

Test Command :

( cd tests && btest -d )

Tags :

DoS, scan, ws-discovery, toshiba, copiers, scanners

Package Checks :

License:
Info:
Found license 'COPYING'
Readme:
Info:
Found readme 'README.rst'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset: