HIDS 30122
From Atomicorp Wiki
Latest revision as of 14:49, 17 December 2013
Rule ID
30122
Status
Active rule currently published
Description
This rule detects when multiple HIDS_30113 events occur. Specifically, it shuns the source IP address when 10 HIDS_30113 events occur from that same IP address within 60 seconds.
Certain DoS attacks use this method to exhaust the file handles on the system.
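The threshold described above, as an added Python illustration of the correlation (not Atomicorp's rule definition or code). The event tuple layout, the sample addresses, the second rule ID and the treatment of the 60-second boundary as exclusive are assumptions.

```python
from collections import defaultdict, deque

TRIGGER_RULE = 30113  # rule ID named in the description
THRESHOLD = 10        # events from one source IP
WINDOW = 60           # seconds

def correlate(events):
    """events: time-ordered (timestamp_seconds, rule_id, src_ip) tuples.
    Returns the (timestamp, src_ip) points at which a shun would be issued."""
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    shunned = set()
    actions = []
    for ts, rule_id, ip in events:
        if rule_id != TRIGGER_RULE or ip in shunned:
            continue
        window = recent[ip]
        window.append(ts)
        # Assumption: an event exactly WINDOW seconds old no longer counts.
        while ts - window[0] >= WINDOW:
            window.popleft()
        if len(window) >= THRESHOLD:
            shunned.add(ip)
            actions.append((ts, ip))
            del recent[ip]
    return actions

def sample_events():
    """Constructed sample data (documentation address ranges)."""
    events = []
    # Burst: 10 events in 18 seconds from one address.
    events += [(t, 30113, "203.0.113.7") for t in range(0, 20, 2)]
    # Slow source: 10 events, but spread over 90 seconds.
    events += [(t, 30113, "198.51.100.9") for t in range(0, 100, 10)]
    # Nine trigger events plus unrelated alerts (constructed rule ID 99999).
    events += [(100 + t, 30113, "192.0.2.5") for t in range(9)]
    events += [(100 + t, 99999, "192.0.2.5") for t in range(5)]
    return sorted(events)

if __name__ == "__main__":
    for ts, ip in correlate(sample_events()):
        print(f"t={ts}s shun {ip}")
```

Only the burst source crosses the threshold; the slow source and the nine-event source show why neither the count nor the rate alone triggers the shun.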
False Positives
None.
Tuning Recommendations
None.