[Snort-sigs] Trying to detect a ping sweep

Aaron Evers secure.badger at ...2420...
Tue Apr 3 17:30:33 EDT 2012


Greetings,

I am trying to configure Snort 2.9.1.2 to detect a variety of network
discovery traffic.  I'd like to be able to detect a ping sweep in the
following manner:  a source address sends ICMP echo requests to x number of
unique destination addresses over x period of time.

For example, a host that sends 10 pings to a single destination address
over the course of 60 seconds does not generate an alert, but a host that
sends 10 pings, each to a different destination address over the course of
60 seconds does generate an alert.  Is this possible?  I haven't been able
to find a way with the online manual.

Thanks!
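
The detection logic described in the message above, as an added example (not part of the original post, and not Snort rule syntax): a per-source sliding window that counts distinct destination addresses rather than packets. The event tuple layout, function names and sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

def detect_ping_sweeps(events, min_unique_dsts=10, window_secs=60):
    """events: time-sorted (timestamp_secs, src_ip, dst_ip) tuples, one per
    ICMP echo request. Returns [(timestamp, src_ip, unique_dst_count), ...]."""
    recent = defaultdict(deque)                          # src -> (ts, dst) in window
    dst_counts = defaultdict(lambda: defaultdict(int))   # src -> dst -> packets in window
    alerted = set()                                      # sources already over threshold
    alerts = []
    for ts, src, dst in events:
        queue, counts = recent[src], dst_counts[src]
        queue.append((ts, dst))
        counts[dst] += 1
        # Drop echo requests that have aged out of the window.
        while ts - queue[0][0] > window_secs:
            _, old_dst = queue.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        # Threshold is on distinct destinations, so repeated pings to one
        # host never trigger it no matter how many packets are sent.
        if len(counts) >= min_unique_dsts:
            if src not in alerted:                       # alert once per burst
                alerted.add(src)
                alerts.append((ts, src, len(counts)))
        else:
            alerted.discard(src)
    return alerts

def sample_events():
    """Constructed sample traffic (documentation address ranges)."""
    ev = []
    for i in range(10):
        ev.append((i * 6, "192.0.2.10", "198.51.100.1"))         # 10 pings, one target
        ev.append((i * 6, "192.0.2.20", f"198.51.100.{i + 1}"))  # 10 targets in 54 s
        ev.append((i * 20, "192.0.2.30", f"203.0.113.{i + 1}"))  # 10 targets in 180 s
    return sorted(ev)

if __name__ == "__main__":
    for ts, src, n in detect_ping_sweeps(sample_events()):
        print(f"t={ts}s possible ping sweep from {src}: {n} unique destinations")
```

Only the second source crosses the threshold in the sample; the third sweeps the same number of hosts but too slowly for a 60-second window, which is the trade-off to tune when choosing the two parameters.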