[Snort-users] LAND, TearDrop, Flooding attacks

Baoqing Ye baoqing at ...115...
Thu Jul 20 15:26:04 EDT 2000


Hi, there,

  I am new to Snort tool. After having browsed the rule configuration
with hundreds of lines, I couldn't find any keywords for the several
attacks I was looking for. Maybe I was missing something.

  Can anyone tell me if or not the Snort (1.6) is able to detect :
1)Land attack, 2)TearDrop/Tear attack, and 3)flooding attacks, such as
Smurf or pure Ping-flooding attacks?

   My guess is Land could be eaiser because it has obvious signature. To
detect Tear and its variant versions it needs to do reassemblly or
similar checking (stateful); it's more difficult. Flooding attacks have
no obvious signatures purely from single packet analysis but to count
the amount of packets targeting to certain node.

Any responses will be appreciated.

-Baoqing






More information about the Snort-users mailing list