[Snort-users] Re: snort can't find SYN FLOOD attack?
fly_lee_2001 at ...131...
Thu Mar 8 22:11:35 EST 2001
Thank u, Crist.
yup,my snort is working properly but SF
in my snort.conf:
preprocessor minfrag: 128
preprocessor portscan: $HOME_NET 4 3 /var/log/syslog
And all *.rules were included in snort.conf.I am sure
that there is no problem in my configuration. I have
tried nmap and its scans were picked up by snort in my
How can i do now?Any help would be greatly
--- Crist Clark <crist.clark at ...1515...> wrote:
> "Ð¡Àî·Éµ¶" wrote:
> > hi all,
> > I am using snort 1.7 now. It works excellent but I
> regret to find snort can't detect SYN Flood
> > [root at ...1516... snort-1.7]./snort -D -c snort.conf
> -N -s
> Is that a default snort.conf? I noticed you are
> sending alerts to
> syslog. Is that all working properly?
> > [root at ...1517... apsend-1.57]./apsend -s 0 -d
> 10.1.5.10 -p 80 -sf
> You have verified that this is all working right?
> The Snort host
> can see the traffic?
> > my snort was deaf-and-dumb to these SF attacks.
> The portscan preprocessor should pick them up. It is
> still enabled in
> your configuration?
> > Any comment/advice ?
> The snort-users at lists.sourceforge.net would be a
> much better place to
> pose your question and to continue the thread.
> Crist J. Clark
> Network Security Engineer
> crist.clark at ...1518...
> Globalstar, L.P.
> (408) 933-4387 FAX:
> (408) 933-4926
> The information contained in this e-mail message is
> intended only for the use of the individual or
> entity named above. If
> the reader of this e-mail is not the intended
> recipient, or the employee
> or agent responsible to deliver it to the intended
> recipient, you are
> hereby notified that any review, dissemination,
> distribution or copying
> of this communication is strictly prohibited. If
> you have received this
> e-mail in error, please contact
postmaster at ...1518...
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
More information about the Snort-users