HTTP: Dirt Jumper C&C Communication
This signature detects command and control traffic generated by the Dirt Jumper DDoS bot. Dirt Jumper can be used to perform distributed denial of service attacks against a large number of victims at once.
References
URL: http://asert.arbornetworks.com/2011/08/dirt-jumper-caught/ https://snort.org/rule_docs/1-25893 https://snort.org/rule_docs/1-25894 https://snort.org/rule_docs/1-25881 https://snort.org/rule_docs/1-25879 https://snort.org/rule_docs/1-25874 https://snort.org/rule_docs/1-25887 https://snort.org/rule_docs/1-25892 https://snort.org/rule_docs/1-25878 https://snort.org/rule_docs/1-25885 https://snort.org/rule_docs/1-25875 https://snort.org/rule_docs/1-25889 https://snort.org/rule_docs/1-25877 https://snort.org/rule_docs/1-25888 https://snort.org/rule_docs/1-25884 https://snort.org/rule_docs/1-25891
Short Name
HTTP:DOS:DIRTJUMPER
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
C&C Communication Dirt Jumper
Release Date
10/27/2011
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3337
False Positive
Unknown