jidolong at ...3111...
Thu Jul 14 07:09:00 EDT 2005
I am a Snort user. I used the latest version 2.3.3 and found the rule 499
is not able to detect the ping of death attaks in the 1998 DARPA training
data, whose link is :
the labeled information is
I know rule 499 is supposed to detect such kind of attacks. I even tried
various values of 'dsize' in the rule. It seems the rule could not work
as expected. I cannot explain the results. So I report my issue and hope
you can check it. Thanks very much for your attention.
More information about the Snort-sigs