In this attack, the attacker is using a new code that generates GET attacks to more than one victim pages. Attached, is a pcap file: type_11_attack_signature.pcap which captures attack packet sample from these bots.
When you open this file and sort the packets based on Source IP, you will see that the attackers programmed the bots to visit 3 pages, repeatedly and in random sequences. In addition, most bots also varies their User Agent and Country/Language see more codes, making detection of these bots much more difficult. Fortunately, we were able to train our device to recognize these variations and successfully mitigate the attack.
In this attack, the attacker is using a new code that generates GET attacks to more than one victim pages. Attached, is a pcap file: type_11_attack_signature.pcap which captures attack packet sample from these bots.
When you open this file and sort the packets based on Source IP, you will see that the attackers programmed the bots to visit 3 pages, repeatedly and in random sequences. In addition, most bots also varies their User Agent and Country/Language see more