[Snort-users] FW: Snort & DoS

Tony Reusser treusser at ...15879...
Mon Oct 15 12:13:20 EDT 2012


Alex,

 

In my experience, what you are looking for is already in there.  I just run
the standard VRT rules, SO rules and ET rules.  I'm new to this, but already
in the past month, I've discovered several DoS situations that I've been
able to mitigate with ACLs and firewall rules.

 

                -tkr

 

From: Alex Adamos [mailto:alexthakidadam at ...125...] 
Sent: Monday, October 15, 2012 9:49 AM
To: snort user list
Subject: [Snort-users] Snort & DoS

 

Hi to all,

i was trying to figure out what Snort can do with DoS attacks. Is there any
mechanism, either signature-based or anomaly-based or preprocessor-based,
either from Snort itself or from 3rd party projects to detect (or just alert
if there is any potential of a such attack) any of the most common DoS
attacks as SYN flood, ping floods, e-mail bombing, UDP DoS??

Alex.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121015/4d5d08b3/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00052.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121015/4d5d08b3/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT00055.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121015/4d5d08b3/attachment-0001.txt>


More information about the Snort-users mailing list