HIDS 30122

From Atomicorp Wiki
Revision as of 15:49, 17 December 2013 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

30122

Status

Active rule currently published


Description

This rule detects when multiple HIDS_30113 events occur. Specifically, this rule will shun if 10 30113 events occur from the same IP address within 60 seconds.

Certain DOS attacks use this method to use up all file handles in use on the system.

False Positives

None.

Tuning Recommendations

None.

Personal tools