[Snort-users] DoS buffer overflow Snort rule
msun489 at ...131...
Sat Jun 10 12:47:58 EDT 2017
Is this Snort rule correct for detecting a DoS buffer overflow attack?
alert tcp !$HOME_NET any -> $HOME_NET 80 (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 70, seconds 10; sid:10001;rev:1;)
And what are the TCP header features that are included in a DoS attack, such as service type: http, port: 80 and the count, and what else?