Simple policy to detect Apple 3283/udp DoS attack Candidate

The script provides the following functionality:

1) identifies spoofed traffic and the subsequent DNS amplification attack
2) builds a list of possible sources which are responding to the 3283/udp DNS amplification attack with Apple RDP


Install with bro-pkg:

    bro-pkg install bro/initconf/Apple-RDP-net-assistant-DoS

or load the scripts directly:

    @load Apple-RDP-net-assistant-DoS/scripts

Detailed Notes:

Detailed alerts and descriptions: the following alerts are generated by the script:

Heuristics are simple: check for

This should generate the following kinds of notices:

Example notice:

Example Summary Notice:

Package Version :