[Snort-users] LAND, TearDrop, Flooding attacks
baoqing at ...115...
Thu Jul 20 16:32:48 EDT 2000
Max Vision wrote:
> On Thu, 20 Jul 2000, Baoqing Ye wrote:
> > Can anyone tell me if or not the Snort (1.6) is able to detect :
> > 1)Land attack, 2)TearDrop/Tear attack, and 3)flooding attacks, such as
> > Smurf or pure Ping-flooding attacks?
> > >
> Your guesses are correct - each of the attacks consist of more than a
> single packet, and therefor are not easily identified using a typical
> signature. I would suggest a DoS plugin or integration with the
> degragger, as there are about a dozen unique fragmentation-based DoS
So I guess the answer is "no" (?) - current Snort version can't detect them.
More information about the Snort-users