deadwalkin
Thursday, February 20, 2014
My server was lagging a slight bit, so I went into the system logs and found:
alert udp any any -> any any (message:"Quake 3 DDoS amplification attack INBOUND"; content:"|ff ff ff ff 64 69 73 63 6f 6e 6e 65 63 74|"; nocase; offset:0; depth:14; sid:1000666; rev:1; )
0000000: ff ff ff ff 64 69 73 63 6f 6e 6e 65 63 74 ....disconnect
Is this a false positive? Because I notice this is in every log file I have.