Difference between revisions of "HIDS 30113"

From Atomicorp Wiki
Jump to: navigation, search
m
m
Line 11: Line 11:
  
 
This rule reports when Apache has completely rejected a connection from a client, and Apache has determined the method used is Invalid.  [[ASL]] does not cause this, this is simply a reporting rule, and disabling this rule will not prevent Apache from rejecting these invalid connections.
 
This rule reports when Apache has completely rejected a connection from a client, and Apache has determined the method used is Invalid.  [[ASL]] does not cause this, this is simply a reporting rule, and disabling this rule will not prevent Apache from rejecting these invalid connections.
 +
 +
This rule does not shun the offending IP by default.  Please see rule [[HIDS_30122]] which will shun multiple 30113 events from the same IP within a period of time.
  
 
Certain DOS attacks use this method to use up all file handles in use on the system.
 
Certain DOS attacks use this method to use up all file handles in use on the system.

Revision as of 14:48, 17 December 2013

Rule ID

30113

Status

Active rule currently published


Description

This rule reports when Apache has completely rejected a connection from a client, and Apache has determined the method used is Invalid. ASL does not cause this, this is simply a reporting rule, and disabling this rule will not prevent Apache from rejecting these invalid connections.

This rule does not shun the offending IP by default. Please see rule HIDS_30122 which will shun multiple 30113 events from the same IP within a period of time.

Certain DOS attacks use this method to use up all file handles in use on the system.

False Positives

None. This rule simply reports when Apache has rejected the connection because it is using an invalid method.


Tuning Recommendations

None.

Personal tools