UDP flood to service DST port 565 limited | Attack by UDP traffic on destination port 565 (Whoami) | - Exhaustion of bandwidth and computational resources of the attacked host;
- denial of service
|
---|
UDP flood to service DST port 1194 limited | Attack by UDP traffic on destination port 1194 (OpenVPN) | Exhaustion of bandwidth and computational resources of the attacked host, denial of service |
---|
NTP Monlist Response | Reflected and amplified UDP traffic from source port 123 (NTP Monlist response vulnerability) | Bandwidth exhaustion |
---|
SSDP Reflection | Reflected and amplified UDP traffic from source port 1900 (SSDP and UPnP vulnerability) | Bandwidth exhaustion |
---|
Empty UDP data | Attack on the client IP address with empty UDP datagrams (Empty UDP Flood) | Increasing victim's network utilization |
---|
Memcache | Reflected and amplified UDP traffic from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
---|
SSRP Reflection | Attack by reflected and amplified UDP traffic from source port 1434, SSRP (SQL Server Resolution Protocol) | Bandwidth exhaustion |
---|
WSD Reflection | Attack by reflected and amplified UDP traffic from source port 11211 (Memcache vulnerability) | Bandwidth exhaustion |
---|
Net Assistant Reflection | Reflected and amplified UDP traffic from source port 3283 (Apple Network Assistant vulnerability) | Bandwidth exhaustion |
---|
LowShadyPorts/Reflection flood to server limited | Reflected and amplified UDP traffic from source ports: - 19 CHARGEN (Character Generator);
- 111 SUNRPC (Sun Remote Procedure Call);
- 137 NETBIOS-NS (NetBIOS Name Service);
- 161 SNMP (Simple Network Management Protocol);
- 389 LDAP (Lightweight Directory Access Protocol);
- 520 ROUTER (used by routing protocols such as RIP)
| Bandwidth exhaustion |
---|
Custom UDP amplifications | Reflected and amplified UDP traffic attack from source ports: - 37810 DHCPDiscover for DVR devices;
- 10074 TP240PhoneHome (Mitel systems);
- 37020 SADP (Hikvision)
| Bandwidth exhaustion |
---|
Custom UDP amplifications3 | Attack by reflected and amplified UDP traffic from source port 37021, SADP (Hikvision) | Bandwidth exhaustion |
---|
Query Response/DNS query response reflection flood to server limited | DNS response attack with traffic from public DNS servers (source port 53, UDP DNS) with flags from the DNSSEC extension set: - DNS Signature;
- DNS Signature Recursive
| Bandwidth exhaustion |
---|
Source Port 53/UDP source port 53 reflection flood to server limited | Attack by reflected and amplified UDP traffic from source port 53 (UDP DNS) | Bandwidth exhaustion |
---|
Source Port 4500/UDP source port 4500 reflection flood to server limited | Reflected and amplified UDP traffic from source port 4500 | Bandwidth exhaustion |
---|
Any Source Port/UDP source port reflection flood to server limited | Attack by high-volume UDP traffic from a specific source port to any destination port on the client IP | Bandwidth exhaustion |
---|
RST/TCP RST reflection flood to server limited | Attack with TCP RST flagged traffic from a specific source port to any destination port on client IP | - Exhaustion of computational resources of the attacked host;
- disruption of TCP connection support on the attacked host (or group of hosts)
|
---|
SYN/ACK/TCP SYN/ACK reflection flood to server limited | Attack with TCP RST flagged traffic from a specific source port to any destination port on the client IP | Exhaustion of network and computing resources of the attacked host |
---|
PSH/ACK/ACK/TCP PSH/ACK reflection flood to server limited | Attack with TCP traffic with TCP RST or TCP PSH flags set from a specific source port to any destination port of the client IP | Exhaustion of computational resources of the attacked host |
---|
Failed Reflectors/ICMP Server flood to server limited | Attack on the client host by a large volume of ICMP response traffic from public servers, provoked by the attacker's requests to those servers probing UDP port availability, with the source address spoofed to the client's address | Exhaustion of bandwidth and computational resources of the attacked host |
---|
UDP flood to service DST port 53 limited | Attack by UDP traffic to destination port 53 DNS | - Exhaustion of bandwidth and computational resources of the attacked host;
- denial of service
|
---|
Any Destination Port/UDP service flood to a server port limited | Attack by high-volume UDP traffic on any arbitrary victim port | - Bandwidth exhaustion;
- denial of service
|
---|
Any Type/ICMP/ICMPv6 service flood to a server limited | Attack with high-volume arbitrary ICMP traffic (including ICMPv6) on a specific destination port of the client | Exhaustion of bandwidth and computational resources of the attacked host |
---|
SYN/TCP SYN to a server port limited | Attack with TCP traffic with TCP SYN flag set to a specific destination port of the client IP | - Exhaustion of network and computational resources of the attacked host;
- disruption of TCP connection establishment on the attacked host
|
---|
RST/TCP RST to a server port limited | Attack by TCP traffic with TCP RST flag set to a specific destination port of the client IP | - Exhaustion of computing resources of the attacked host;
- disruption of TCP connection support on the attacked host or host group
|
---|
PSH/ACK/TCP PSH/ACK service flood to a server port limited | Attack with TCP traffic with TCP RST/PSH flags set to a specific destination port of the client IP | Exhaustion of computational resources of the attacked host |
---|
Any TCP/TCP to a server port limited | Attack with random high-volume TCP traffic to a specific client port | Exhaustion of computational resources of the attacked host and bandwidth |
---|
Fragment Under Attack/UDP server under attack fragment to server limited | Attack with fragmented UDP datagrams. Usually accompanies other types of UDP attacks | Bandwidth exhaustion |
---|
Any Port/UDP server flood to server limited | Attack with arbitrary high-volume UDP traffic in aggregate on any client port | Exhaustion of the attacked host's computational resources and bandwidth |
---|
Any Type/ICMP server flood to server limited | Attack with high-volume arbitrary ICMP traffic, including ICMPv6, on any destination port of the client | Exhaustion of bandwidth and computational resources of the attacked host |
---|
SYN/TCP SYN to server address limited | Attack with TCP traffic with TCP SYN flag set to any destination port of the client IP | - Exhaustion of network and computational resources of the attacked host;
- disruption of TCP connection establishment on the attacked host
|
---|
RST/TCP RST to server address limited | Attack by TCP traffic with TCP RST flag set to any destination port of the client IP | - Exhaustion of computational resources of the attacked host;
- disruption of TCP connection support on the attacked host or host group
|
---|
Any TCP/TCP to server address limited | Attack with arbitrary high-volume TCP traffic in aggregate on any destination port of the client | Exhaustion of network and computational resources of the attacked host and of bandwidth |
---|
IP protocol Any IP protocol Any IP protocol server flood to server limited | Attack with arbitrary high-volume IP traffic in aggregate on all transport protocols and all ports | Exhaustion of network and computational resources of the attacked host and bandwidth |
---|
Flex Fragment/Flex matched IP fragment to destination IP under attack | Rule defining blocking of IP packet fragments for hosts that are already under attack. Accompanies other types of attacks | - |
---|