Snort mailing list archives

Re: ping flood

From: Avi Norowitz <avi () ulag net>
Date: Sat, 18 Aug 2001 21:55:42 -0400

I think I know the answer to this, but do you know if/where I can get the filters/code for this? I'm a ... newbie. :-)

On Sat, 18 Aug 2001 01:14:18 +0200
"Ofir Arkin" <ofir () sys-security com> wrote:

Avi,

You will need to measure the number of ICMP datagrams received per X
seconds.

I guess a threshold is to be set so you will not receive falsely results
:)

Ofir

-- 
By reading this message you hereby agree to all concepts, statements,
ideas, and opinions contained within it's text.       http://ulag.net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)
  - Re: ping flood Avi Norowitz (Aug 17)
    - RE: ping flood Ofir Arkin (Aug 17)
    - Re: ping flood Avi Norowitz (Aug 18)
    - Brazilian Snort List Alex Pinheiro Machado Rodrigues (Aug 19)
- Re: ping flood Chris Green (Aug 17)