[Snort-sigs] Doubt about rule at Snort

Jader Friderichs Vieira jaderfv at ...1470...
Fri Oct 7 15:30:36 EDT 2016

Hello, I'm doing a study about Snort rules and the Weka Data Mining tool together.

So, I do not have experience with Snort and I'd like help creating a rule. I'm using two fundamental attributes in my project.

1. Same_srv_rate = % of connections to the same service

The first question: how could I get this? There is a calculation to get this result, and I did not find a way to do it.

2. flag - I need a flag that tells me when a connection was requested (ack), the server responded (SYN ACK), but it did not receive the ack, the third message that establishes the connection, like in a SYN flood attack.

Is there any way I can do this using a rule?
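Both attributes need state kept across several packets rather than a single per-packet match, which is what makes them awkward to express as one Snort rule. As an added illustration (not code from the poster or from Snort), the Python below computes both over constructed connection and packet records; the 2-second window and the "client, server" keying are assumptions of this example.

```python
# Constructed sample connection records (not captured traffic):
# (timestamp in seconds, destination host, destination port)
CONNECTIONS = [
    (0.0, "10.0.0.5", 80),
    (0.5, "10.0.0.5", 80),
    (1.0, "10.0.0.5", 443),
    (1.5, "10.0.0.5", 80),
    (4.0, "10.0.0.5", 22),
]


def same_srv_rate(connections, index, window=2.0):
    """Fraction of connections to the same host within `window` seconds
    before connection `index` (including itself) that went to the same
    service (destination port). The window length is an assumption."""
    ts, host, port = connections[index]
    recent = [c for c in connections[: index + 1]
              if c[1] == host and ts - c[0] <= window]
    same_service = sum(1 for c in recent if c[2] == port)
    return same_service / len(recent)


# Constructed packet log (not captured traffic):
# (timestamp, source address, destination address, TCP flags)
PACKETS = [
    (0.00, "192.0.2.10", "10.0.0.5", "S"),
    (0.01, "10.0.0.5", "192.0.2.10", "SA"),
    (0.02, "192.0.2.10", "10.0.0.5", "A"),   # handshake completed
    (0.10, "192.0.2.11", "10.0.0.5", "S"),
    (0.11, "10.0.0.5", "192.0.2.11", "SA"),  # third ACK never arrives
    (0.20, "192.0.2.12", "10.0.0.5", "S"),   # never answered: not half-open
]


def half_open_connections(packets):
    """Return client addresses whose SYN was answered with SYN-ACK but
    never followed by the client's ACK. State is keyed on (client, server)
    only; a real tracker would also key on ports and handle retransmits."""
    state = {}
    for _ts, src, dst, flags in packets:
        if flags == "S":
            state[(src, dst)] = "syn"
        elif flags == "SA" and state.get((dst, src)) == "syn":
            state[(dst, src)] = "synack"
        elif "A" in flags and state.get((src, dst)) == "synack":
            state[(src, dst)] = "established"
    return sorted(client for (client, _srv), st in state.items()
                  if st == "synack")
```

Snort's stream preprocessor keeps this kind of per-flow TCP state internally, and rule keywords such as `flags` and `detection_filter` only see one packet at a time, so the half-open condition is better treated as a preprocessor or log-analysis feature than as a single rule.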

