[Snort-sigs] question

Jidong Long jidolong at ...3111...
Thu Jul 14 07:09:00 EDT 2005

I am a Snort user. I used the latest version 2.3.3 and found the rule 499 
is not able to detect the ping of death attaks in the 1998 DARPA training 
data, whose link is :
the labeled information is

I know rule 499 is supposed to detect such kind of attacks. I even tried 
various values of 'dsize' in the rule. It seems the rule could not work 
as expected. I cannot explain the results. So I report my issue and hope 
you can check it. Thanks very much for your attention.



More information about the Snort-sigs mailing list