DoS
The DoS category contains events that are related to denial-of-service (DoS) attacks against services or hosts.
The following table describes the low-level event categories and associated severity levels for the DoS category.
Low-level event category | Category ID | Description | Severity level (0 - 10) |
---|---|---|---|
Unknown DoS Attack | 2001 | Indicates an unknown DoS attack. | 8 |
ICMP DoS | 2002 | Indicates an ICMP DoS attack. | 9 |
TCP DoS | 2003 | Indicates a TCP DoS attack. | 9 |
UDP DoS | 2004 | Indicates a UDP DoS attack. | 9 |
DNS Service DoS | 2005 | Indicates a DNS service DoS attack. | 8 |
Web Service DoS | 2006 | Indicates a web service DoS attack. | 8 |
Mail Service DoS | 2007 | Indicates a mail server DoS attack. | 8 |
Distributed DoS | 2008 | Indicates a distributed DoS attack. | 9 |
Misc DoS | 2009 | Indicates a miscellaneous DoS attack. | 8 |
UNIX DoS | 2010 | Indicates a UNIX DoS attack. | 8 |
Windows DoS | 2011 | Indicates a Windows DoS attack. | 8 |
Database DoS | 2012 | Indicates a database DoS attack. | 8 |
FTP DoS | 2013 | Indicates an FTP DoS attack. | 8 |
Infrastructure DoS | 2014 | Indicates a DoS attack on the infrastructure. | 8 |
Telnet DoS | 2015 | Indicates a Telnet DoS attack. | 8 |
Brute Force Login | 2016 | Indicates access to your system through unauthorized methods. | 8 |
High Rate TCP DoS | 2017 | Indicates a high rate TCP DoS attack. | 8 |
High Rate UDP DoS | 2018 | Indicates a high rate UDP DoS attack. | 8 |
High Rate ICMP DoS | 2019 | Indicates a high rate ICMP DoS attack. | 8 |
High Rate DoS | 2020 | Indicates a high rate DoS attack. | 8 |
Medium Rate TCP DoS | 2021 | Indicates a medium rate TCP attack. | 8 |
Medium Rate UDP DoS | 2022 | Indicates a medium rate UDP attack. | 8 |
Medium Rate ICMP DoS | 2023 | Indicates a medium rate ICMP attack. | 8 |
Medium Rate DoS | 2024 | Indicates a medium rate DoS attack. | 8 |
Low Rate TCP DoS | 2025 | Indicates a low rate TCP DoS attack. | 8 |
Low Rate UDP DoS | 2026 | Indicates a low rate UDP DoS attack. | 8 |
Low Rate ICMP DoS | 2027 | Indicates a low rate ICMP DoS attack. | 8 |
Low Rate DoS | 2028 | Indicates a low rate DoS attack. | 8 |
Distributed High Rate TCP DoS | 2029 | Indicates a distributed high rate TCP DoS attack. | 8 |
Distributed High Rate UDP DoS | 2030 | Indicates a distributed high rate UDP DoS attack. | 8 |
Distributed High Rate ICMP DoS | 2031 | Indicates a distributed high rate ICMP DoS attack. | 8 |
Distributed High Rate DoS | 2032 | Indicates a distributed high rate DoS attack. | 8 |
Distributed Medium Rate TCP DoS | 2033 | Indicates a distributed medium rate TCP DoS attack. | 8 |
Distributed Medium Rate UDP DoS | 2034 | Indicates a distributed medium rate UDP DoS attack. | 8 |
Distributed Medium Rate ICMP DoS | 2035 | Indicates a distributed medium rate ICMP DoS attack. | 8 |
Distributed Medium Rate DoS | 2036 | Indicates a distributed medium rate DoS attack. | 8 |
Distributed Low Rate TCP DoS | 2037 | Indicates a distributed low rate TCP DoS attack. | 8 |
Distributed Low Rate UDP DoS | 2038 | Indicates a distributed low rate UDP DoS attack. | 8 |
Distributed Low Rate ICMP DoS | 2039 | Indicates a distributed low rate ICMP DoS attack. | 8 |
Distributed Low Rate DoS | 2040 | Indicates a distributed low rate DoS attack. | 8 |
High Rate TCP Scan | 2041 | Indicates a high rate TCP scan. | 8 |
High Rate UDP Scan | 2042 | Indicates a high rate UDP scan. | 8 |
High Rate ICMP Scan | 2043 | Indicates a high rate ICMP scan. | 8 |
High Rate Scan | 2044 | Indicates a high rate scan. | 8 |
Medium Rate TCP Scan | 2045 | Indicates a medium rate TCP scan. | 8 |
Medium Rate UDP Scan | 2046 | Indicates a medium rate UDP scan. | 8 |
Medium Rate ICMP Scan | 2047 | Indicates a medium rate ICMP scan. | 8 |
Medium Rate Scan | 2048 | Indicates a medium rate scan. | 8 |
Low Rate TCP Scan | 2049 | Indicates a low rate TCP scan. | 8 |
Low Rate UDP Scan | 2050 | Indicates a low rate UDP scan. | 8 |
Low Rate ICMP Scan | 2051 | Indicates a low rate ICMP scan. | 8 |
Low Rate Scan | 2052 | Indicates a low rate scan. | 8 |
VoIP DoS | 2053 | Indicates a VoIP DoS attack. | 8 |
Flood | 2054 | Indicates a Flood attack. | 8 |
TCP Flood | 2055 | Indicates a TCP flood attack. | 8 |
UDP Flood | 2056 | Indicates a UDP flood attack. | 8 |
ICMP Flood | 2057 | Indicates an ICMP flood attack. | 8 |
SYN Flood | 2058 | Indicates a SYN flood attack. | 8 |
URG Flood | 2059 | Indicates a flood attack with the urgent (URG) flag on. | 8 |
SYN URG Flood | 2060 | Indicates a SYN flood attack with the urgent (URG) flag on. | 8 |
SYN FIN Flood | 2061 | Indicates a SYN FIN flood attack. | 8 |
SYN ACK Flood | 2062 | Indicates a SYN ACK flood attack. | 8 |