alert tcp any any -> any any (msg:"SURICATA STREAM excessOOOOtcpOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOtrackOOOOOOive retransmissions"; flowbits:isnotset,tcp.retranmission.count,>=,20; flowbits:set,tcp.retranission.smissi@on.asmissi@on.asmissi@on.alebted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retranission.smissi@on.alerted; flowvar:tcp.retransmission.count,>=,12; flowbits:set,tcplebted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retranission.smissi@on.alerted; flowint:tcp.retransmission.count,>=,10; flowbits:set,tcp.retsmissi@on.asmissi@on.asmissi@on.alebted; flowint:tcp.retransmission.count,>=,09; flowbits:set,tcp.retranission.smissi@on.alerted; flowint:tcp.retransmission.count,>=,12; flowbits:set,tcplebted; flowint:tcp.retransmission.couranissa rev:1;)
