[Snort-users] FW: Snort & DoS
jesler at ...1935...
Tue Oct 16 11:43:13 EDT 2012
Please remember to keep the Snort users mailing list in your address line.
Yes. Snort has many features to be able to detect amounts of connections. rate_filter is one of them, I suggest a look at README.filters in the doc/ directory of the tar ball.
On Oct 16, 2012, at 11:40 AM, Alex Adamos <alexthakidadam at ...125...> wrote:
> i want to see if snort can detect such attacks and how it works! if there is any such detection mechanism, which i didn't find (except the stream5_tcp lines about 5180).
> > Date: Tue, 16 Oct 2012 11:08:29 -0400
> > From: jesler at ...1935...
> > To: alexthakidadam at ...125...
> > CC: dandantheitman at ...11827...; snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] FW: Snort & DoS
> > On Tue, Oct 16, 2012 at 05:26:26PM +0300, Alex Adamos wrote:
> > >
> > > i'm not trying to deal with the attacks so much, i just want to see if and how Snort is dealing with these attacks itself!
> > What do you think the end result should be? What are trying to achieve?
> > --
> > Joel Esler
> > Senior Research Engineer, VRT
> > OpenSource Community Manager
> > Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users