
This Alert Pack contains a single alert for detecting DoS attacks, used for testing a Port Scan Use Case.

Included alerts

Port Scan Detection

This alert detects an IP address suspected of performing a port scan attack by sending requests to more than 100 different ports in a period of 5 minutes. Note that the query below, as written, groups traffic into 1-minute windows and fires when a public source IP reaches 10 or more distinct destination ports on accepted connections, so adjust the window and threshold to the values you want before deploying it.

from firewall.juniper.ssg.traffic
where ispublic(srcIp)
where action = "Accept"
select str(srcIp) as sourceIP
group every 1m by sourceIP
every 1m
select hllppcount(dstPort) as dstPorthll
where dstPorthll >= 10
select round(dstPorthll) as dstPortRound
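The query above expresses the detection in Devo LINQ; the following is an added example, not part of the Alert Pack, that implements the same logic in plain Python so the behaviour can be checked offline against sample data. It assumes a simplified, constructed log format (timestamp, source IP, destination IP, destination port, action) rather than real Juniper SSG traffic events, uses an exact set of ports per window where the query uses the approximate hllppcount(), and treats documentation address ranges such as 203.0.113.0/24 as public so that the constructed samples pass the public-IP filter (Devo's ispublic() may classify them differently).

```python
"""Port-scan detection over constructed firewall traffic lines.

Added example mirroring the LINQ query: keep accepted connections from public
source IPs, bucket them into 1-minute windows per source IP, count distinct
destination ports, and alert when the count reaches the threshold.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_SECONDS = 60   # "group every 1m"
PORT_THRESHOLD = 10   # "where dstPorthll >= 10"

# Address ranges treated as non-public. Documentation ranges (192.0.2.0/24,
# 198.51.100.0/24, 203.0.113.0/24) are deliberately NOT listed so the
# constructed sample data below counts as "public" (an assumption of this example).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8",
)]


def is_public(ip: str) -> bool:
    """Approximation of the LINQ ispublic() operation."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_PUBLIC)


def parse_line(line: str) -> dict:
    """Parse one constructed line: '<ISO ts>Z <srcIp> <dstIp> <dstPort> <action>'."""
    ts, src, dst, port, action = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": when, "srcIp": src, "dstIp": dst, "dstPort": int(port), "action": action}


def detect_port_scans(lines, window_seconds=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return one alert per (window, sourceIP) whose distinct-port count >= threshold."""
    ports_by_key = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        # Same filters as the query: action = "Accept" and ispublic(srcIp).
        if ev["action"] != "Accept" or not is_public(ev["srcIp"]):
            continue
        # Tumbling window start, equivalent to "group every 1m by sourceIP".
        bucket = int(ev["ts"].timestamp()) // window_seconds * window_seconds
        ports_by_key[(bucket, ev["srcIp"])].add(ev["dstPort"])

    alerts = []
    for (bucket, src), ports in sorted(ports_by_key.items()):
        if len(ports) >= threshold:
            alerts.append({
                "windowStart": datetime.fromtimestamp(bucket, timezone.utc).isoformat(),
                "sourceIP": src,
                "distinctPorts": len(ports),   # exact here; hllppcount() is approximate
            })
    return alerts


def _line(ts, src, port, action="Accept"):
    """Build one constructed log line against a single destination host."""
    return f"{ts} {src} 192.0.2.10 {port} {action}"


# Constructed sample traffic (not real firewall output).
SAMPLE_LOGS = (
    # Scanner: 12 accepted connections to 12 different ports inside 10:00-10:01.
    [_line(f"2024-01-01T10:00:{5 + i:02d}Z", "203.0.113.7", 20 + i) for i in range(12)]
    # A denied probe from the same host to another port: must not be counted.
    + [_line("2024-01-01T10:00:30Z", "203.0.113.7", 8080, "Deny")]
    # Same scanner slows down in the next minute: 4 ports only, below threshold.
    + [_line(f"2024-01-01T10:01:{10 + i:02d}Z", "203.0.113.7", 100 + i) for i in range(4)]
    # Internal host touching 15 ports: ignored because its address is not public.
    + [_line(f"2024-01-01T10:00:{i:02d}Z", "10.0.0.5", 1000 + i) for i in range(15)]
    # Benign external client repeatedly using the same three service ports.
    + [_line(f"2024-01-01T10:00:{i:02d}Z", "198.51.100.20", (80, 443, 22)[i % 3]) for i in range(9)]
)


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOGS):
        print(alert)
```

Running the block prints a single alert for 203.0.113.7 in the 10:00 window with 12 distinct ports; the denied probe, the second-minute burst, the internal host and the client reusing three ports all stay silent, which is the behaviour to confirm when tuning the threshold and window against your own traffic.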

Prerequisites

When the pack is installed as part of the use case mentioned above, the prerequisites are set up automatically.
