[Snort-users] Rules not working?
j.weber at ...8292...
Thu Jun 5 03:34:02 EDT 2003
> I Snort - from the command line using no rules - for 10 seconds and
> then check the output log for the IP that I am launching the attach
> from and I see 18,205 UDP packets.
> I would assume that SNORT should pick up the UDP flood, but for some
> reason the rules aren't picking them up. I am using the rules that
> are provided at http://www.snort.org/dl/rules/ from a month ago.
If I understand you correctly, you'r trying to use SNORT to notify you
in case an UDP flood starts. That's correct? In that case, have a look
at the discussion found in  where Matt Kettler gives a nice summary
about this topic.
T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
E: j.weber at ...8292...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users