[Snort-users] FW: Snort & DoS

Joel Esler jesler at ...1935...
Tue Oct 16 11:43:13 EDT 2012


Please remember to keep the Snort users mailing list in your address line.

Yes. Snort has many features to be able to detect amounts of connections. rate_filter is one of them; I suggest a look at README.filters in the doc/ directory of the tarball.

or:

http://manual.snort.org/node19.html#SECTION00341000000000000000


On Oct 16, 2012, at 11:40 AM, Alex Adamos <alexthakidadam at ...125...> wrote:

> I want to see if Snort can detect such attacks and how it works! If there is any such detection mechanism, which I didn't find (except the stream5_tcp lines about 5180).
> 
> 
> 
> > Date: Tue, 16 Oct 2012 11:08:29 -0400
> > From: jesler at ...1935...
> > To: alexthakidadam at ...125...
> > CC: dandantheitman at ...11827...; snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] FW: Snort & DoS
> > 
> > On Tue, Oct 16, 2012 at 05:26:26PM +0300, Alex Adamos wrote:
> > > 
> > > I'm not trying to deal with the attacks so much, I just want to see if and how Snort is dealing with these attacks itself!
> > 
> > 
> > What do you think the end result should be? What are you trying to achieve?
> > 
> > --
> > Joel Esler
> > Senior Research Engineer, VRT
> > OpenSource Community Manager
> > Sourcefire
