[Snort-users] FW: Snort & DoS

Alex Adamos alexthakidadam at ...125...
Tue Oct 16 10:26:26 EDT 2012


i'm not trying to deal with the attacks so much, i just want to see if and how Snort is dealing with these attacks itself! 


Alex

From: dandantheitman at ...11827...
Date: Mon, 15 Oct 2012 14:28:17 -0400
To: treusser at ...15879...
CC: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] FW:  Snort & DoS

I run my snort boxen with iptables, and i find that running iptables /w 'tar pit' is great with dealing with DoS attacks, however I don't really subscribe to an IPS dealing /w DoS as a whole, as it takes it away from the IPS's primary function. 
Dan

Sent from my iPhone
On Oct 15, 2012, at 12:13, "Tony Reusser" <treusser at ...15879...> wrote:

Alex, In my experience, what you are looking for is already in there.  I just run the standard VRT rules, SO rules and ET rules.  I’m new to this, but already in the past month, I’ve discovered several DoS situations that I’ve been able to mitigate with ACLs and firewall rules.                 -tkr From: Alex Adamos [mailto:alexthakidadam at ...125...] 
Sent: Monday, October 15, 2012 9:49 AM
To: snort user list
Subject: [Snort-users] Snort & DoS Hi to all,

i was trying to figure out what Snort can do with DoS attacks. Is there any mechanism, either signature-based or anomaly-based or preprocessor-based, either from Snort itself or from 3rd party projects to detect (or just alert if there is any potential of a such attack) any of the most common DoS attacks as SYN flood, ping floods, e-mail bombing, UDP DoS??

Alex.------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news! 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121016/41dda486/attachment.html>


More information about the Snort-users mailing list