[Snort-users] About rule setting

Damian Torres datorr2 at gmail.com
Wed Sep 27 08:27:44 EDT 2017


Ryota,


I would recommend looking at the Snort manual.  The option that does this
is called "detection_filter".

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION004710000000000000000


Warm Regards,

Damian Torres


On Sep 27, 2017 00:26, "Ryota Kurokawa" <r-kurokw at ist.osaka-u.ac.jp> wrote:

Hi

I recently started using snort.
I think that it is necessary to set rules when starting IDS mode and
recording packets. I was successful to catch icmp packets.
For example, can we record packets with a speed higher than a certain
speed, such as malicious traffic (such as ping bombs)?

Thanks.

-- 
Name: Kurokawa Ryota
mail: r-kurokw at ist.osaka-u.ac.jp

_______________________________________________
Snort-users mailing list
Snort-users at lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170927/4ae95bd9/attachment.html>


More information about the Snort-users mailing list