[Snort-users] LAND, TearDrop, Flooding attacks

Baoqing Ye baoqing at ...115...
Thu Jul 20 16:32:48 EDT 2000


Max Vision wrote:

> On Thu, 20 Jul 2000, Baoqing Ye wrote:
> >   Can anyone tell me if or not the Snort (1.6) is able to detect :
> > 1)Land attack, 2)TearDrop/Tear attack, and 3)flooding attacks, such as
> > Smurf or pure Ping-flooding attacks?
> >
> >   >
> Your guesses are correct - each of the attacks consist of more than a
> single packet, and therefor are not easily identified using a typical
> signature.  I would suggest a DoS plugin or integration with the
> degragger, as there are about a dozen unique fragmentation-based DoS
> attacks.
> Max
>

So I guess the answer is "no" (?) - current Snort version can't detect them.

-Baoqing






More information about the Snort-users mailing list