[Snort-users] LAND, TearDrop, Flooding attacks

Baoqing Ye baoqing at ...115...
Thu Jul 20 15:26:04 EDT 2000

Hi, there,

  I am new to the Snort tool. After having browsed the rule configuration
with hundreds of lines, I couldn't find any keywords for the several
attacks I was looking for. Maybe I was missing something.

  Can anyone tell me whether or not Snort (1.6) is able to detect:
1) Land attack, 2) TearDrop/Tear attack, and 3) flooding attacks, such as
Smurf or pure Ping-flooding attacks?

   My guess is Land could be easier because it has an obvious signature. To
detect Tear and its variant versions it needs to do reassembly or
similar checking (stateful); it's more difficult. Flooding attacks have
no obvious signatures purely from single packet analysis; one has to count
the amount of packets targeting a certain node.

Any responses will be appreciated.
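
The three kinds of check the message distinguishes (single-packet signature, stateful fragment tracking, per-target counting), as an added Python sketch that is not part of the original post and is not Snort rule syntax. The packet records, field names, window and threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample packets (not real traffic); field names are assumptions,
# and frag_off/frag_len are in bytes.
PACKETS = [
    dict(ts=0.1, proto="tcp", src="192.0.2.10", dst="192.0.2.20"),
    dict(ts=0.2, proto="tcp", src="192.0.2.20", dst="192.0.2.20"),   # Land
    dict(ts=0.3, proto="udp", src="198.51.100.5", dst="192.0.2.20",
         ip_id=1, frag_off=0, frag_len=24),
    dict(ts=0.3, proto="udp", src="198.51.100.5", dst="192.0.2.20",
         ip_id=1, frag_off=24, frag_len=24),                         # contiguous
    dict(ts=0.4, proto="udp", src="198.51.100.6", dst="192.0.2.20",
         ip_id=2, frag_off=0, frag_len=36),
    dict(ts=0.4, proto="udp", src="198.51.100.6", dst="192.0.2.20",
         ip_id=2, frag_off=24, frag_len=4),                          # overlaps
    dict(ts=0.5, proto="icmp", src="192.0.2.10", dst="192.0.2.20"),
] + [dict(ts=1.0 + i / 10, proto="icmp", src=f"198.51.100.{i}", dst="192.0.2.30")
     for i in range(8)]                                              # burst

def is_land(p):
    """Single-packet check: source address equals destination address."""
    return p["src"] == p["dst"]

def overlapping_datagrams(packets):
    """Stateful check: group fragments per datagram, flag overlapping byte ranges."""
    spans = defaultdict(list)
    for p in packets:
        if "frag_off" in p:
            key = (p["src"], p["dst"], p["ip_id"])
            spans[key].append((p["frag_off"], p["frag_off"] + p["frag_len"]))
    hits = set()
    for key, ranges in spans.items():
        end = 0
        for start, stop in sorted(ranges):
            if start < end:          # fragment starts inside bytes already covered
                hits.add(key)
            end = max(end, stop)
    return hits

def flood_targets(packets, window=1.0, threshold=5):
    """Counting check: destinations with more than `threshold` ICMP packets per window."""
    counts = Counter((p["dst"], int(p["ts"] // window))
                     for p in packets if p["proto"] == "icmp")
    return {dst for (dst, _), n in counts.items() if n > threshold}

if __name__ == "__main__":
    print([p for p in PACKETS if is_land(p)])
    print(overlapping_datagrams(PACKETS), flood_targets(PACKETS))
```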

