DoS

 

The DoS category contains events that are related to denial-of-service (DoS) attacks against services or hosts.

The following table describes the low-level event categories and associated severity levels for the DoS category.

Table 1: Low-level Categories and Severity Levels for the DoS Events Category

| Low-level event category | Category ID | Description | Severity level (0 - 10) |
|---|---|---|---|
| Unknown DoS Attack | 2001 | Indicates an unknown DoS attack. | 8 |
| ICMP DoS | 2002 | Indicates an ICMP DoS attack. | 9 |
| TCP DoS | 2003 | Indicates a TCP DoS attack. | 9 |
| UDP DoS | 2004 | Indicates a UDP DoS attack. | 9 |
| DNS Service DoS | 2005 | Indicates a DNS service DoS attack. | 8 |
| Web Service DoS | 2006 | Indicates a web service DoS attack. | 8 |
| Mail Service DoS | 2007 | Indicates a mail server DoS attack. | 8 |
| Distributed DoS | 2008 | Indicates a distributed DoS attack. | 9 |
| Misc DoS | 2009 | Indicates a miscellaneous DoS attack. | 8 |
| UNIX DoS | 2010 | Indicates a UNIX DoS attack. | 8 |
| Windows DoS | 2011 | Indicates a Windows DoS attack. | 8 |
| Database DoS | 2012 | Indicates a database DoS attack. | 8 |
| FTP DoS | 2013 | Indicates an FTP DoS attack. | 8 |
| Infrastructure DoS | 2014 | Indicates a DoS attack on the infrastructure. | 8 |
| Telnet DoS | 2015 | Indicates a Telnet DoS attack. | 8 |
| Brute Force Login | 2016 | Indicates access to your system through unauthorized methods. | 8 |
| High Rate TCP DoS | 2017 | Indicates a high rate TCP DoS attack. | 8 |
| High Rate UDP DoS | 2018 | Indicates a high rate UDP DoS attack. | 8 |
| High Rate ICMP DoS | 2019 | Indicates a high rate ICMP DoS attack. | 8 |
| High Rate DoS | 2020 | Indicates a high rate DoS attack. | 8 |
| Medium Rate TCP DoS | 2021 | Indicates a medium rate TCP attack. | 8 |
| Medium Rate UDP DoS | 2022 | Indicates a medium rate UDP attack. | 8 |
| Medium Rate ICMP DoS | 2023 | Indicates a medium rate ICMP attack. | 8 |
| Medium Rate DoS | 2024 | Indicates a medium rate DoS attack. | 8 |
| Low Rate TCP DoS | 2025 | Indicates a low rate TCP DoS attack. | 8 |
| Low Rate UDP DoS | 2026 | Indicates a low rate UDP DoS attack. | 8 |
| Low Rate ICMP DoS | 2027 | Indicates a low rate ICMP DoS attack. | 8 |
| Low Rate DoS | 2028 | Indicates a low rate DoS attack. | 8 |
| Distributed High Rate TCP DoS | 2029 | Indicates a distributed high rate TCP DoS attack. | 8 |
| Distributed High Rate UDP DoS | 2030 | Indicates a distributed high rate UDP DoS attack. | 8 |
| Distributed High Rate ICMP DoS | 2031 | Indicates a distributed high rate ICMP DoS attack. | 8 |
| Distributed High Rate DoS | 2032 | Indicates a distributed high rate DoS attack. | 8 |
| Distributed Medium Rate TCP DoS | 2033 | Indicates a distributed medium rate TCP DoS attack. | 8 |
| Distributed Medium Rate UDP DoS | 2034 | Indicates a distributed medium rate UDP DoS attack. | 8 |
| Distributed Medium Rate ICMP DoS | 2035 | Indicates a distributed medium rate ICMP DoS attack. | 8 |
| Distributed Medium Rate DoS | 2036 | Indicates a distributed medium rate DoS attack. | 8 |
| Distributed Low Rate TCP DoS | 2037 | Indicates a distributed low rate TCP DoS attack. | 8 |
| Distributed Low Rate UDP DoS | 2038 | Indicates a distributed low rate UDP DoS attack. | 8 |
| Distributed Low Rate ICMP DoS | 2039 | Indicates a distributed low rate ICMP DoS attack. | 8 |
| Distributed Low Rate DoS | 2040 | Indicates a distributed low rate DoS attack. | 8 |
| High Rate TCP Scan | 2041 | Indicates a high rate TCP scan. | 8 |
| High Rate UDP Scan | 2042 | Indicates a high rate UDP scan. | 8 |
| High Rate ICMP Scan | 2043 | Indicates a high rate ICMP scan. | 8 |
| High Rate Scan | 2044 | Indicates a high rate scan. | 8 |
| Medium Rate TCP Scan | 2045 | Indicates a medium rate TCP scan. | 8 |
| Medium Rate UDP Scan | 2046 | Indicates a medium rate UDP scan. | 8 |
| Medium Rate ICMP Scan | 2047 | Indicates a medium rate ICMP scan. | 8 |
| Medium Rate Scan | 2048 | Indicates a medium rate scan. | 8 |
| Low Rate TCP Scan | 2049 | Indicates a low rate TCP scan. | 8 |
| Low Rate UDP Scan | 2050 | Indicates a low rate UDP scan. | 8 |
| Low Rate ICMP Scan | 2051 | Indicates a low rate ICMP scan. | 8 |
| Low Rate Scan | 2052 | Indicates a low rate scan. | 8 |
| VoIP DoS | 2053 | Indicates a VoIP DoS attack. | 8 |
| Flood | 2054 | Indicates a Flood attack. | 8 |
| TCP Flood | 2055 | Indicates a TCP flood attack. | 8 |
| UDP Flood | 2056 | Indicates a UDP flood attack. | 8 |
| ICMP Flood | 2057 | Indicates an ICMP flood attack. | 8 |
| SYN Flood | 2058 | Indicates a SYN flood attack. | 8 |
| URG Flood | 2059 | Indicates a flood attack with the urgent (URG) flag on. | 8 |
| SYN URG Flood | 2060 | Indicates a SYN flood attack with the urgent (URG) flag on. | 8 |
| SYN FIN Flood | 2061 | Indicates a SYN FIN flood attack. | 8 |
| SYN ACK Flood | 2062 | Indicates a SYN ACK flood attack. | 8 |
