[Snort-devel] TTL & Byte rate limit

Al Lewis (allewi) allewi at ...3461...
Tue Jun 2 13:17:57 EDT 2015


Hello,

                Have you tried creating a rule that matches your logic, then threshold the number of hits on that rule?

Rule threshold section  -----> http://manual.snort.org/node35.html


Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...3461...

From: Cahit Eyigünlü [mailto:cahit.eyigunlu at ...3577...]
Sent: Monday, June 01, 2015 7:24 PM
To: Snort-devel at lists.sourceforge.net
Subject: [Snort-devel] TTL & Byte rate limit

We are under a type of spoofed attack. And we need to protect to destination server. We decide that to block packet size on same ttl , but is there any way to build a rule to rate limit data bytes from same TTL  ?

[Image removed by sender. SPDNet Telekomünikasyon  A.S. Logo]<http://https:/www.spd.net.tr/>


Cahit Eyigünlü
SPDNet Telekomünikasyon A.S.
+908508409773
75. Yl Mahallesi 5301 Sk No:24/A - MANSA 45100
[Image removed by sender. WebsiteGB]<http://https:/www.spd.net.tr/>   [Image removed by sender. email] <mailto:cahit.eyigunlu at ...3577...>    [Image removed by sender. :inkedIn button] <http://https:/www.linkedin.com/company/spdnet>    [Image removed by sender. Twitter button] <https://twitter.com/NetSpd>    [Image removed by sender. Facebook button] <https://www.facebook.com/SpdNetTR>



Bu e-posta kişiye özel olup, gizli bilgiler içeriyor olabilir. Eğer bu e-posta size yanlışlıkla ulaşmışsa, içeriğini hiç bir şekilde kullanmayınız ve ekli dosyaları açmayınız. Bu e-posta virüslere karşı anti-virüs sistemleri tarafından taranmıştır. Ancak SPDNET, bu e-postanın - virüs koruma sistemleri ile kontrol ediliyor olsa bile - virüs içermediğini garanti etmez ve meydana gelebilecek zararlardan doğacak hiçbir sorumluluğu kabul etmez.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150602/7cde2efc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 548 bytes
Desc: image001.jpg
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150602/7cde2efc/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 347 bytes
Desc: image002.jpg
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150602/7cde2efc/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 344 bytes
Desc: image003.jpg
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150602/7cde2efc/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 335 bytes
Desc: image004.jpg
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150602/7cde2efc/attachment-0003.jpg>


More information about the Snort-devel mailing list