[Snort-users] About rule setting
datorr2 at gmail.com
Wed Sep 27 08:27:44 EDT 2017
I would recommend looking at the Snort manual. The option that does this
is called "detection_filter".
On Sep 27, 2017 00:26, "Ryota Kurokawa" <r-kurokw at ist.osaka-u.ac.jp> wrote:
I recently started using snort.
I think that it is necessary to set rules when starting IDS mode and
recording packets. I was successful to catch icmp packets.
For example, can we record packets with a speed higher than a certain
speed, such as malicious traffic (such as ping bombs)?
Name: Kurokawa Ryota
mail: r-kurokw at ist.osaka-u.ac.jp
Snort-users mailing list
Snort-users at lists.snort.org
Go to this URL to change user options or unsubscribe:
Please visit http://blog.snort.org to stay current on all the latest Snort
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users