HTTP Get Flood

[Mohammad Rastgoo <mohammad () synapti ca>]

Hi,

Thanks for reading this.

My site has been receiving attacks for a while now and I've been able to
stop them using snort + pfsense. Most of them were stopped just by using
uri-content in the rule.

Today I've been receiving Get attacks on the main page. It really seems too
simple but any rule I have tried has not blocked any IP addresses.

Would someone please guide me to the right direction?

Thanks

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!