[Snort-users] About rule setting

Damian Torres datorr2 at gmail.com
Wed Sep 27 08:27:44 EDT 2017


I would recommend looking at the Snort manual.  The option that does this
is called "detection_filter".


Warm Regards,

Damian Torres

On Sep 27, 2017 00:26, "Ryota Kurokawa" <r-kurokw at ist.osaka-u.ac.jp> wrote:


I recently started using snort.
I think that it is necessary to set rules when starting IDS mode and
recording packets. I was successful to catch icmp packets.
For example, can we record packets with a speed higher than a certain
speed, such as malicious traffic (such as ping bombs)?


Name: Kurokawa Ryota
mail: r-kurokw at ist.osaka-u.ac.jp

Snort-users mailing list
Snort-users at lists.snort.org
Go to this URL to change user options or unsubscribe:

Please visit http://blog.snort.org to stay current on all the latest Snort
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170927/4ae95bd9/attachment.html>

More information about the Snort-users mailing list