[Snort-users] letdown, dos attempt not detecting

Russ Combs rcombs at ...1935...
Tue Dec 11 11:52:15 EST 2012


On Tue, Dec 11, 2012 at 11:45 AM, Leonardo Pezente <lmpezente at ...11827...>wrote:

> im testing snort attacking it with a tool called "letdown".it is a tcp
> floder. The think is: im not able to detect what could be a potencial dos
> attack.
> Letdown generate like 65000 syn packets, so this should be detect fot
> snort. I have uncomment the dos and ddos rules, but no deal. so im tring to
> create a rule to detct this kind of traffic. Is that possible? any idea how
> i can do that?
>

Check out Snort's README.filters.  There are rate_filter examples for 135:1
that you can start with.

>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121211/02e32189/attachment.html>


More information about the Snort-users mailing list