[Snort-sigs] Trying to detect a ping sweep
secure.badger at ...2420...
Tue Apr 3 17:30:33 EDT 2012
I am trying to configure Snort 184.108.40.206 to detect a variety of network
discovery traffic. I'd like to be able to detect a ping sweep in the
following manner: a source address sends ICMP echo requests to x number of
unique destination addresses over x period of time.
For example, a host that sends 10 pings to a single destination address
over the course of 60 seconds does not generate an alert, but a host that
sends 10 pings, each to a different destination address over the course of
60 seconds does generate an alert. Is this possible? I haven't been able
to find a way with the online manual.
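
The matching logic asked for above, as an added Python example (not part of the original message and not a Snort rule): per source, count distinct destinations of ICMP echo requests inside a sliding time window. The function name, the event tuple layout and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def detect_sweeps(events, threshold=10, window=60):
    """events: (timestamp_seconds, src, dst) tuples for ICMP echo requests,
    sorted by timestamp. Returns one (timestamp, src, distinct_dsts) alert
    each time a source first reaches `threshold` distinct destinations
    within the last `window` seconds."""
    recent = defaultdict(deque)                      # src -> (ts, dst) in window
    counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> packets in window
    alerted = set()                                  # sources currently over threshold
    alerts = []
    for ts, src, dst in events:
        q, per_dst = recent[src], counts[src]
        q.append((ts, dst))
        per_dst[dst] += 1
        # Expire packets that fell out of the window (ts - window, ts].
        while q[0][0] <= ts - window:
            _, old_dst = q.popleft()
            per_dst[old_dst] -= 1
            if per_dst[old_dst] == 0:
                del per_dst[old_dst]
        distinct = len(per_dst)
        if distinct >= threshold:
            if src not in alerted:       # alert once per burst, not per packet
                alerts.append((ts, src, distinct))
                alerted.add(src)
        else:
            alerted.discard(src)         # re-arm once the source drops below
    return alerts


# Constructed sample traffic (addresses are made up):
SAMPLE = sorted(
    # 10 pings to a single destination within 60 s: no alert expected
    [(i * 6, "10.0.0.5", "10.0.1.1") for i in range(10)]
    # 10 pings to 10 different destinations within 60 s: alert expected
    + [(i * 6, "10.0.0.9", f"10.0.1.{i + 1}") for i in range(10)]
    # 10 different destinations, but one per minute: no alert expected
    + [(i * 60, "10.0.0.7", f"10.0.2.{i + 1}") for i in range(10)]
)

if __name__ == "__main__":
    for ts, src, n in detect_sweeps(SAMPLE):
        print(f"t={ts}s possible ping sweep from {src}: {n} distinct destinations")
```

Repeated pings to one host never raise the distinct count, so only the second source in the sample crosses the threshold.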