[Snort-users] I am a newbie

Fabien Delmotte fdelmotte1 at ...3027...
Fri Jan 3 05:36:38 EST 2014


Hello

I am using snort 2.9.2.2

I am trying to set up a rule for UDP flow:
# DOS-UDP Flooding Attack RULE
#alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"UDP_Flood Attack!!!!!"; threshold:type threshold, track by_src, count 3, seconds 20; sid:1000001; rev:1;)

alert udp any any -> any any (msg:"UDP_Flood Attack!!!!!";sid:1000001;)

#alert icmp any any -> anyT any (msg:"ICMP testing"; sid:10000001;)

I am sending UDP packets (I did a TCPDUMP)

I also removed all the rules in the snort.conf file; I just left my rule :)

Any comment?

Regards

Fabien