[Snort-sigs] I need a rule for synk4.c attack

Chris Green cmg at ...435...
Thu Apr 11 07:18:27 EDT 2002

Ali BASEL <alib at ...505...> writes:

> Hi,

> But, I wonder why snort can not detect it when there is no FIN bit ?

A syn flooder is a rate limiting problem and is something we don't
detect very well at the moment that and the best you can do is do rate
std deviation of syns detected
> What should I do ?
> P.S.: If you want, I can send the program also (synk4.c).

yes please do so we can look at the source and see if it has any
problems that allow it to be detected easily.. 
Chris Green <cmg at ...435...>
Laugh and the world laughs with you, snore and you sleep alone.

More information about the Snort-sigs mailing list