UDP flood to service DST port 565 limited | Attack by UDP traffic on destination port 565 (Whoami) | Exhaustion of bandwidth and computational resources of the attacked host; denial of service of the attacked application |
UDP flood to service DST port 1194 limited | Attack by UDP traffic on OpenVPN destination port 1194 | Exhaustion of bandwidth and computational resources of the attacked host; denial of service of the attacked application |
NTP Monlist Response | Attack by reflected and amplified UDP traffic from source port 123 (NTP Monlist response vulnerability) | Bandwidth exhaustion |
SSDP Reflection | Attack by reflected and amplified UDP traffic from source port 1900 (SSDP and UPnP protocols vulnerability) | Bandwidth exhaustion |
Empty UDP data | Attack on the client IP address with empty UDP datagrams (Empty UDP Flood) | Increased utilization of the victim network |
Memcache | Attack by reflected and amplified UDP traffic from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
SSRP Reflection | Attack by reflected and amplified UDP traffic from source port 1434, SSRP (SQL Server Resolution Protocol) | Bandwidth exhaustion |
WSD Reflection | Attack by reflected and amplified UDP traffic from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
Net Assistant Reflection | Attack by reflected and amplified UDP traffic from source port 3283 (Apple Network Assistant vulnerability) | Bandwidth exhaustion |
LowShadyPorts/Reflection flood to server limited | Attack by reflected and amplified UDP traffic from source ports: 19 CHARGEN (Character Generator); 111 SUNRPC (Sun Remote Procedure Call); 137 NETBIOS-NS (NetBIOS Name Service); 161 SNMP (Simple Network Management Protocol); 389 LDAP (Lightweight Directory Access Protocol); 520 ROUTER (used by routing protocols such as RIP) | Bandwidth exhaustion |
Custom UDP amplifications | Attack by reflected and amplified UDP traffic from source ports: 37810 DHCPDiscover for DVR devices; 10074 TP240PhoneHome (Mitel systems); 37020 SADP (Hikvision) | Bandwidth exhaustion |
Custom UDP amplifications3 | Attack by reflected and amplified UDP traffic from SADP source port 37021 (Hikvision) | Bandwidth exhaustion |
Query Response/DNS query response reflection flood to server limited | Attack by DNS response traffic from public DNS servers with source port 53 (UDP DNS) and flags set from the DNSSEC extension: DNS Signature; DNS Signature Recursive | Bandwidth exhaustion |
Source Port 53/UDP source port 53 reflection flood to server limited | Attack by reflected and amplified UDP traffic from source port 53 (UDP DNS) | Bandwidth exhaustion |
Source Port 4500/UDP source port 4500 reflection flood to server limited | Attack by reflected and amplified UDP traffic from source port 4500 | Bandwidth exhaustion |
Any Source Port/UDP source port reflection flood to server limited | Attack with high-volume UDP traffic from a specific source port to any destination port on the client IP | Bandwidth exhaustion |
RST/TCP RST reflection flood to server limited | Attack by TCP traffic with the TCP RST flag set from a specific source port to any destination port on the client IP | Exhaustion of computational resources of the attacked host; disruption of TCP connection support on the attacked host (or group of hosts) |
SYN/ACK/TCP SYN/ACK reflection flood to server limited | Attack by TCP traffic with the TCP RST flag set from a specific source port to any destination port on the client IP | Exhaustion of network and computing resources of the attacked host |
PSH/ACK/TCP PSH/ACK reflection flood to server limited | Attack by TCP traffic with TCP RST or TCP PSH flags set from a specific source port to any destination port on the client IP | Exhaustion of computational resources of the attacked host |
Failed Reflectors/ICMP Server flood to server limited | Attack on a client host with a large volume of ICMP response traffic from public servers, triggered by an attacker's requests to those servers probing UDP port availability, with the source address spoofed to the client's address | Exhaustion of bandwidth and computational resources of the attacked host |
UDP flood to service DST port 53 limited | Attack by UDP traffic on destination port 53 (DNS) | Exhaustion of bandwidth and computational resources of the attacked host; denial of service of the attacked application |
Any Destination Port/UDP service flood to a server port limited | Attack with high-volume UDP traffic to any arbitrary victim port | Bandwidth exhaustion; denial of service of the attacked application |
Any Type/ICMP/ICMPv6 service flood to server limited | Attack with a large volume of arbitrary ICMP traffic (including ICMPv6) on a specific client destination port | Exhaustion of bandwidth and computational resources of the attacked host |
SYN/TCP SYN to a server port limited | Attack by TCP traffic with the TCP SYN flag set on a specific destination port of the client IP | Exhaustion of network and computational resources of the attacked host; disruption of TCP connection establishment on the attacked host |
RST/TCP RST to a server port limited | Attack by TCP traffic with the TCP RST flag set on a specific destination port of the client IP | Exhaustion of computational resources of the attacked host; disruption of TCP connection support on the attacked host or host group |
PSH/ACK/TCP PSH/ACK service flood to a server port limited | Attack by TCP traffic with TCP RST/PSH flags set on a specific destination port of the client IP | Exhaustion of computational resources of the attacked host |
Any TCP/TCP to a server port limited | Attack with a large volume of arbitrary TCP traffic on a specific client port | Exhaustion of the attacked host's computational resources and bandwidth |
Fragment Under Attack/UDP server under attack fragment to server limited | Attack by fragmented UDP datagrams. Usually accompanies other types of UDP attacks | Bandwidth exhaustion |
Any Port/UDP server flood to server limited | Attack with a large cumulative volume of arbitrary UDP traffic on any client port | Exhaustion of the attacked host's computational resources and bandwidth |
Any Type/ICMP server flood to server limited | Attack with a large volume of arbitrary ICMP traffic, including ICMPv6, on any client destination port | Exhaustion of bandwidth and computational resources of the attacked host |
SYN/TCP SYN to server address limited | Attack by TCP traffic with the TCP SYN flag set on any destination port of the client IP | Exhaustion of network and computational resources of the attacked host; disruption of TCP connection establishment on the attacked host |
RST/TCP RST to server address limited | Attack by TCP traffic with the TCP RST flag set on any destination port of the client IP | Exhaustion of computational resources of the attacked host; disruption of TCP connection support on the attacked host or host group |
Any TCP/TCP to server address limited | Attack with a large aggregate volume of arbitrary TCP traffic on any destination port of the client | Exhaustion of the attacked host's network and computational resources and of bandwidth |
IP protocol Any IP protocol server flood to server limited | Attack with a large cumulative volume of arbitrary IP traffic across all transport protocols and all ports | Exhaustion of the attacked host's network and computational resources and of bandwidth |
Flex Fragment/Flex matched IP fragment to destination IP under attack | A rule that blocks IP packet fragments for hosts that are already under attack. Accompanies other types of attacks | - |