High Volume of Threat Logs and DNS Any Queries Brute Force DOS attacks.

Created On 09/26/18 13:55 PM - Last Modified 07/19/22 23:11 PM


Resolution


This threat signature fires when a DNS ANY denial-of-service attack is detected. A single ANY request may be normal traffic, but an attacker can perform a denial-of-service attack against a network by sending many ANY requests from spoofed sources.

Because an attack generates many requests, it can in turn generate many threat alerts. The Palo Alto Networks brute-force signature looks for 60 single queries in 60 seconds before it sends out an alert. Since this may still cause a large number of alerts to be generated, the threshold before the alert is generated has been changed to 500 in 60 seconds. This change appears in the Palo Alto Applications and Threats version 318-x.s
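The effect of the threshold change on alert volume can be reproduced with a small sliding-window counter. This is an added example, not Palo Alto Networks code: the per-destination aggregation, the counter reset after each alert, the event tuple layout and the traffic itself are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 60     # time window stated in the article
QTYPE_ANY = 255   # DNS QTYPE value for ANY

def count_alerts(events, threshold, window_s=WINDOW_S):
    """events: (timestamp_s, dst_ip, qtype) tuples sorted by time.
    Returns the number of alerts raised.
    Assumptions: hits are aggregated per destination (sources are spoofed,
    so they are not a useful key) and the counter resets after each alert."""
    hits = defaultdict(deque)
    alerts = 0
    for ts, dst, qtype in events:
        if qtype != QTYPE_ANY:
            continue                      # only ANY queries count as hits
        window = hits[dst]
        window.append(ts)
        while ts - window[0] >= window_s:
            window.popleft()              # drop hits older than the window
        if len(window) >= threshold:
            alerts += 1
            window.clear()
    return alerts

def constructed_traffic():
    """Constructed sample: 60 s of traffic, not taken from a real capture."""
    # Flood: 100 ANY queries per second toward one resolver.
    flood = [(i / 100, "198.51.100.10", QTYPE_ANY) for i in range(6000)]
    # Benign: one ANY query every 10 s toward another resolver.
    benign_any = [(float(t), "192.0.2.53", QTYPE_ANY) for t in range(0, 60, 10)]
    # Benign: ordinary A queries (QTYPE 1) toward the flooded resolver.
    benign_a = [(i / 10, "198.51.100.10", 1) for i in range(600)]
    return sorted(flood + benign_any + benign_a)

if __name__ == "__main__":
    traffic = constructed_traffic()
    for threshold in (60, 500):
        print(f"threshold {threshold:>3}/60s -> {count_alerts(traffic, threshold)} alerts")
```

On this constructed flood the higher threshold still fires within the first five seconds of the attack while producing far fewer log entries, and the occasional benign ANY query never reaches either threshold.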

owner: swhyte


