[Snort-users] speedera rule
bryan.irvine at ...9066...
Mon Jul 7 11:33:23 EDT 2003
Just as a precaution the speedera rule, also happens to catch ping
floods. I was doing a test on a localhost and flooded it via ping -f
and got a 14 meg log file with about well over 2000 lines of speedera
(and some bad frag) warnings. This was duplicatable on a mandrake Linux
9.1 and OpenBSD 3.3.
At first I thought snort had a rule just for floods (speedera sounds
like it could mean flood to me ;-), until I read the description of it.
It's neat that the rule captures it but the documentation says it's not
harmful, perhaps this should be changed?
More information about the Snort-users