Signature Detail

Short Name	HTTP:UNUSUAL-REFERER
Severity	Medium
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Unusual Value In HTTP Referer Header
Release Date	2014/07/14
Update Number	2398
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Unusual Value In HTTP Referer Header

This signature detects unusual values for the "Referer" field in an HTTP request. Some malware will hard-code illegal or unusual values in their requests to Command & Control servers, while others will use such headers in their HTTP DDoS requests to victims. The source IP may be infected with a bot and should be investigated.

References

URL: http://en.wikipedia.org/wiki/HTTP_referer

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Unusual Value In HTTP Referer Header

References