[Snort-sigs] question

Jidong Long jidolong at ...3111...
Thu Jul 14 07:09:00 EDT 2005


Hi
I am a Snort user. I used the latest version 2.3.3 and found the rule 499 
is not able to detect the ping of death attacks in the 1998 DARPA training 
data, whose link is:
http://www.ll.mit.edu/IST/ideval/data/1998/training/week6/thursday/tcpdump.gz
The labeled information is:
http://www.ll.mit.edu/IST/ideval/data/1998/training/week6/thursday/tcpdump.list.gz

I know rule 499 is supposed to detect this kind of attack. I even tried 
various values of 'dsize' in the rule. It seems the rule could not work 
as expected. I cannot explain the results. So I report my issue and hope 
you can check it. Thanks very much for your attention.

Regards!

Jidong





