alert udp $EXTERNAL_NET any -> $HOME_NET 500 (msg: "[WATCHGUARD] IPv4 IPSEC flood attack was detected"; program: WatchGuard*; content: "msg_id=|22|3000-0156|22|"; parse_src_ip: 1; parse_dst_ip: 2; classtype: denial-of-service; reference:url,www.watchguard.com/help/docs/wsm/XTM_11/en-US/log_catalog/index.html; sid:5003059; rev: 1;)
-- Main.Sagan-Wiki-Add - 2017-3-20
New revisions of 5003059 will be below...