ZEQ2.com

Content

ZEQ2-Lite Forum Index
Free Forum
strange activity?

strange activity?

Author	Message
deadwalkin	Thursday, February 20, 2014 my server was lagging a slight bit and I go into the system logs and I find alert udp any any -> any any (message:"Quake 3 DDoS amplification attack INBOUND"; content:"\|ff ff ff ff 64 69 73 63 6f 6e 6e 65 63 74\|"; nocase; offset:0; depth:14; sid:1000666; rev:1; ) 0000000: ff ff ff ff 64 69 73 63 6f 6e 6e 65 63 74 ....disconnect is this false positive? cause I notice this is ever log file I have

Author

Message

deadwalkin

Thursday, February 20, 2014

my server was lagging a slight bit and I go into the system logs and I find

alert udp any any -> any any (message:"Quake 3 DDoS amplification attack INBOUND"; content:"|ff ff ff ff 64 69 73 63 6f 6e 6e 65 63 74|"; nocase; offset:0; depth:14; sid:1000666; rev:1; )

0000000: ff ff ff ff 64 69 73 63 6f 6e 6e 65 63 74 ....disconnect

is this false positive? cause I notice this is ever log file I have

ZEQ2 Lite

Content

strange activity?

Thursday, February 20, 2014

Actions

Online [ 0 / 6125]