[Snort-users] Rules not working?

Joerg Weber j.weber at ...8292...
Thu Jun 5 03:34:02 EDT 2003


Hi Erik,

> I Snort - from the command line using no rules - for 10 seconds and
> then check the output log for the IP that I am launching the attack
> from and I see 18,205 UDP packets.
>  
> I would assume that SNORT should pick up the UDP flood, but for some
> reason the rules aren't picking them up.  I am using the rules that
> are provided at http://www.snort.org/dl/rules/ from a month ago.

If I understand you correctly, you're trying to use SNORT to notify you
in case a UDP flood starts. Is that correct? In that case, have a look
at the discussion found in [0] where Matt Kettler gives a nice summary
about this topic.


Cheers,

Joerg

[0] http://marc.theaimsgroup.com/?l=snort-users&m=105059432005195&w=2

-- 
Joerg Weber
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
www.infos.de
E: j.weber at ...8292...