Re: tcp syn flood attack

[Russ Combs <rcombs () sourcefire com>]

Snort 2.4 is out of date.  The latest Snort includes a rate-based attack
detection capability that addresses syn floods.  Have you tried downloading
the tarball from snort.org and building an inline version?

Russ

On Sun, Jun 13, 2010 at 6:42 PM, black_angel black_angel <
black.sad.angel () gmail com> wrote:

> Hello everybody
> my snort inline 2.4 can't detect a syn flood attack using hping3 if someone
> can help me please to write a rule to avoid this attack
> tnx
>
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users