[Snort-users] About detection filter
r-kurokw at ist.osaka-u.ac.jp
Tue Nov 14 07:28:18 EST 2017
I am using Snort 2.9.
I have written the following rules.
alert icmp 192.168.37.231 any -> 192.168.37.236 any
(msg:"ICMP traffic once a second"; detection_filter: track by_src,
count 10, seconds 1; classtype:attempted-dos; priority:1; sid:1000001;)
In the above rule, it detects when it receives 10 packets a second.
I have one question.
For example, what happens if I receive a packet 15 times per second?
Is the remaining 5 ignored?
Or will it count in the next second?
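A small simulation of the detection_filter bookkeeping, added here as an example and not taken from the post or from the Snort source. It models the behaviour the Snort manual documents for detection_filter (the rule fires on every match after the count-th one from the tracked source within the time window, and the counter starts over once the window has elapsed); the assumption that the window is anchored at the first match rather than sliding, the float timestamps, and the packet timings are all constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DetectionFilter:
    """Models 'detection_filter: track by_src, count C, seconds S'.

    Assumption (modelled, not copied from Snort): the window opens at the
    first match seen from a source; every match after the count-th inside
    that window produces an alert; once more than `seconds` have passed
    since the window opened, the state is reset and the new match starts
    a fresh window as match number one.
    """
    count: int
    seconds: float
    # per-source state: src -> (window start time, matches seen in window)
    state: dict = field(default_factory=dict)

    def match(self, src: str, t: float) -> bool:
        """Record one rule match from `src` at time `t`; True means alert."""
        start, n = self.state.get(src, (None, 0))
        if start is None or t - start > self.seconds:
            # Window expired (or first match): restart counting from 1, no alert.
            self.state[src] = (t, 1)
            return False
        n += 1
        self.state[src] = (start, n)
        # Only matches beyond the configured count alert; matches 1..count are silent.
        return n > self.count


def simulate(filt: DetectionFilter, src: str, times: list) -> list:
    """Feed timestamped matches from one source; return 1-based packet numbers that alerted."""
    return [i for i, t in enumerate(times, start=1) if filt.match(src, t)]


# Constructed traffic for the question in the post: 15 ICMP packets inside
# the first second (t = 0.00 .. 0.70), then 15 more starting at t = 1.2,
# i.e. after the one-second window has elapsed.
SRC = "192.168.37.231"
BURST = [i * 0.05 for i in range(15)] + [1.2 + i * 0.05 for i in range(15)]


def alerts_for_rule() -> list:
    """Apply the post's rule (count 10, seconds 1) to the constructed burst."""
    return simulate(DetectionFilter(count=10, seconds=1), SRC, BURST)


if __name__ == "__main__":
    # Packets 11-15 alert (the five above the count are not dropped, each one
    # fires), and the counter does not carry into the next window: the second
    # burst again alerts only from its own 11th packet, i.e. packets 26-30.
    print(alerts_for_rule())
```

The point the simulation makes for the question above: with count 10 and seconds 1, the five extra packets in a 15-packet second each generate an alert rather than being discarded, and they do not add to the following second, because the per-source counter is reset once the window has passed.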