[Snort-sigs] speedera rule

Bryan Irvine bryan.irvine at ...1441...
Mon Jul 7 11:33:15 EDT 2003


Just as a precaution, the speedera rule also happens to catch ping
floods.  I was doing a test on a localhost and flooded it via ping -f
and got a 14 meg log file with about well over 2000 lines of speedera
(and some bad frag) warnings.  This was duplicatable on a Mandrake Linux
9.1 and OpenBSD 3.3.

At first I thought Snort had a rule just for floods (speedera sounds
like it could mean flood to me ;-), until I read the description of it. 
It's neat that the rule captures it, but the documentation says it's not
harmful, perhaps this should be changed?

--Bryan




