Is it possible to flag these exploit attempts? From the look of things, it seems reasonable to think that the connection information in conn.log could be used to trace this, do to the very particular way it hands syn/ack requests.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| detect Ack flooding attack | 2 | 76 | May 6, 2022 | |
| ESP Traffic | 1 | 131 | May 6, 2022 | |
| Scanner and victim reverse condition in scan.zeek | 3 | 156 | May 6, 2022 | |
| zeek performance with some events activated | 4 | 100 | May 6, 2022 | |
| Detection of packets with no TCP flags set | 5 | 144 | May 6, 2022 |