[Snort-users] Packet Contents using IDS Mode

Tay Chee Yong tcy at ...8934...
Fri May 2 03:14:53 EDT 2003


Hi all,

A couple of questions:

1) May I know what should be configured if I need to log the contents of packets
into the alert file? (Can't seems to find any info from the archive)

2) For example, if I were to specify a rule in the snort.conf to detect TCP SYNC
Attacks, is there any snort function that is able to detect the attack when a
certain threshold is met?

Any advise is appreciated.

Thanks.

Regards,
Cheeyong





More information about the Snort-users mailing list