RULE(RULE ID:806359)

Rule General Information
Release Date: 2024-09-10
Rule Name: STUN Protocol DDOS Reflection Attack Detection
Severity:
CVE ID:
Rule Protection Details
Description: STUN is a protocol for Network Address Translation (NAT) traversal, mainly used to support real-time communication in NAT environments. STUN can be carried over UDP, in which case the reliability of STUN request/response transactions is achieved by the client application itself retransmitting the request message. An attacker takes advantage of the stateless nature of UDP to send requests to a STUN server with the source address forged as that of the attack target, using the host running the service as a reflection source for a DDoS reflection attack; this both disguises the origin of the traffic and delivers the attack. This rule detects a large number of suspicious Binding Request messages in a short period of time, which indicates a possible DDoS attack in the environment.
Impact: An attacker who successfully exploits the vulnerability can launch a denial-of-service attack.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor for an updated software patch.
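
Added example (not part of this rule or the vendor's signature): a sketch of the kind of check the Description outlines, recognising STUN Binding Requests by their RFC 5389 header and counting them per source address in a sliding window. The window, the threshold, the class and function names, and the sample datagram are assumptions made for illustration; the rule's real thresholds are not published on this page.

```python
import struct
from collections import defaultdict, deque

MAGIC_COOKIE = 0x2112A442   # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001    # method Binding, class request
WINDOW_SECONDS = 1.0        # assumed window, not taken from the rule
THRESHOLD = 100             # assumed per-source limit, not taken from the rule


def is_binding_request(payload: bytes) -> bool:
    """Return True if a UDP payload is a well-formed STUN Binding Request."""
    if len(payload) < 20:                      # STUN header is 20 bytes
        return False
    msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        return False                           # top two bits must be zero
    # The length field covers attributes only and is a multiple of 4.
    if msg_len % 4 or msg_len != len(payload) - 20:
        return False
    return msg_type == BINDING_REQUEST


class BindingRequestMonitor:
    """Sliding-window count of Binding Requests per claimed source address."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.seen = defaultdict(deque)         # src_ip -> recent timestamps

    def observe(self, ts: float, src_ip: str, payload: bytes) -> bool:
        """Record one datagram; return True when src_ip exceeds the threshold."""
        if not is_binding_request(payload):
            return False
        times = self.seen[src_ip]
        times.append(ts)
        while times and ts - times[0] > self.window:
            times.popleft()                    # drop entries outside the window
        return len(times) > self.threshold


def sample_request(txid: int) -> bytes:
    """Constructed sample: attribute-less Binding Request with the given ID."""
    header = struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE)
    return header + txid.to_bytes(12, "big")   # 96-bit transaction ID
```

Because the source address of reflected traffic is forged, a source flagged by this counter is the probable victim of the reflection rather than the sender, so the useful response is rate limiting on the STUN server, not blocking that address.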