Tag
Ollama Model Exfiltration Attempt Detection
2 rules 1 TTPThis brief describes detection of potential data exfiltration attempts targeting Ollama model metadata and configuration endpoints by adversaries repeatedly querying specific API endpoints to extract sensitive model information.
Ollama Abnormal Network Connectivity Detected
2 rules 1 TTPThis detection identifies unusual network patterns and connection problems within Ollama, encompassing unauthorized API access attempts beyond localhost and warning-level network errors like DNS lookup failures, TCP connection issues, or host resolution problems, which can signal network-based attacks, unauthorized access, or infrastructure reconnaissance.
Ollama Server Possible RCE via Malicious Model Loading
2 rules 1 TTPThe detection identifies potential remote code execution attempts on Ollama servers through malicious model loading by monitoring error messages and failure patterns during model loading operations, which could indicate malicious model injection, path traversal attempts, or exploitation of model loading mechanisms, leading to arbitrary code execution on the server.
Ollama Resource Exhaustion via Memory Abuse
2 rules 1 TTPThis brief covers a technique to detect resource exhaustion attacks against Ollama servers by monitoring abnormal memory allocation and runner operations, potentially leading to denial of service or performance degradation.
Ollama API Prompt Injection and Jailbreak Attempts
1 ruleDetects potential prompt injection and jailbreak attempts against Ollama API endpoints by identifying requests with abnormally long response times, indicative of attackers crafting complex prompts to bypass AI safety controls.
Ollama API Endpoint Scan Reconnaissance
1 rule 1 TTPDetects potential reconnaissance activity against Ollama servers by identifying sources probing multiple API endpoints within short timeframes, indicative of attackers mapping the API surface for vulnerabilities.
Ollama Abnormal Service Crash Availability Attack
2 rules 1 TTPThis detection identifies abnormal service crashes, fatal errors, and process terminations in Ollama, potentially indicating exploitation, resource exhaustion, or denial-of-service attacks aimed at disrupting AI model availability and degrading system stability.
Ollama API DDoS/Rate Limit Abuse Detection
2 rules 1 TTPThis detection identifies potential DDoS attacks or rate limit abuse against Ollama API endpoints by detecting excessive request volumes from individual client IP addresses.