I have a pcap file from a user's PC. I need to analyse whether it has initialized a DoS attack on any server.
alert tcp any any -> any 8080 (msg:"DOS flood denial of service attempt"; flow:to_server; detection_filter:track by_dst, count 1000, seconds 60; sid:25101; rev:1;)
This will give any incoming attacks. But I need to find outgoing attacks. Is there a way to do this?
Thanks in advance.
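One way to turn the rule above toward traffic the PC itself sends, as an added example that is not part of the original post: limit the rule's source to the PC's address through Snort's standard `HOME_NET` and `EXTERNAL_NET` variables. The address 192.0.2.10, the message text and sid 1000001 are constructed placeholders; the port, count and window are the ones from the posted rule.

```snort
# Added example: constructed values, not from the original post.
# 192.0.2.10 stands in for the address of the PC that produced the capture.
ipvar HOME_NET 192.0.2.10/32
ipvar EXTERNAL_NET !$HOME_NET

# The source is limited to $HOME_NET, so only packets the PC sends can match.
# track by_dst keeps a separate counter per destination server; the rule
# alerts on packets beyond the first 1000 sent to one server within 60 seconds.
# sid 1000001 is a placeholder taken from the local-rule range.
alert tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"Outbound DOS flood from monitored host"; flow:to_server; detection_filter:track by_dst, count 1000, seconds 60; sid:1000001; rev:1;)
```

Replaying the capture with Snort's `-r` option against a configuration containing these lines evaluates the rule offline.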