[Snort-users] LAND, TearDrop, Flooding attacks

Fyodor fygrave at ...121...
Thu Jul 20 16:19:07 EDT 2000

~ :  I am new to the Snort tool. After having browsed the rule configuration
~ :with hundreds of lines, I couldn't find any keywords for the several
~ :attacks I was looking for. Maybe I was missing something.
~ :
~ :  Can anyone tell me whether or not Snort (1.6) is able to detect:
~ :1) Land attack, 2) TearDrop/Tear attack, and 3) flooding attacks, such as
~ :Smurf or pure Ping-flooding attacks?
~ :

For Land/TearDrop I think it is doable with spp_defrag (I think it can
already detect most fragmentation attacks).
As for flooding, it's hard to detect until you deploy something similar to
the portscan detection tech. But here again: be aware of false positives.
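
The reply above points at portscan-style counting for flood detection and warns about false positives. The following is an added example, not part of the original message and not Snort code: a per-destination sliding-window counter run over constructed ICMP events, where the function names, addresses, thresholds and window size are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def detect_floods(events, threshold, window_ms):
    """Flag destinations that receive more than `threshold` ICMP packets
    within any `window_ms` span.

    events: (timestamp_ms, src_ip, dst_ip) tuples, sorted by time.
    Returns one (timestamp_ms, dst_ip, packets_in_window, distinct_sources)
    tuple per burst, emitted when the threshold is first crossed.
    """
    recent = defaultdict(deque)   # dst_ip -> (timestamp_ms, src_ip) still in window
    alerting = set()              # destinations already reported for this burst
    alerts = []
    for ts, src, dst in events:
        q = recent[dst]
        q.append((ts, src))
        # Drop packets that have aged out of the window.
        while q and q[0][0] <= ts - window_ms:
            q.popleft()
        if len(q) > threshold:
            if dst not in alerting:
                alerting.add(dst)
                sources = len({s for _, s in q})
                alerts.append((ts, dst, len(q), sources))
        else:
            alerting.discard(dst)  # rate fell back, re-arm for the next burst
    return alerts

def sample_events():
    """Constructed traffic (documentation address ranges), not a capture."""
    # 200 packets in about one second from 50 sources at one victim.
    flood = [(10000 + i * 5, f"203.0.113.{i % 50 + 1}", "192.0.2.10")
             for i in range(200)]
    # A monitoring host sending a short, legitimate burst of 20 pings.
    monitor = [(30000 + i * 50, "198.51.100.5", "192.0.2.20")
               for i in range(20)]
    return sorted(flood + monitor)

if __name__ == "__main__":
    events = sample_events()
    for threshold in (50, 10):
        print(f"threshold={threshold}")
        for alert in detect_floods(events, threshold, window_ms=1000):
            print("  ", alert)
```

With the threshold at 50 only the flood is reported; lowering it to 10 also flags the monitoring host's burst, which is the false-positive trade-off the reply mentions. The distinct-source count in each alert helps separate a many-source flood from a single chatty host.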

