Snort mailing list archives

Re: tcp syn flood attack


From: Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com>
Date: Mon, 14 Jun 2010 14:48:34 -0500

OK, after reading, I need to drop a high TCP SYN flood to my Squid.

Is this rule fine, or shall I do other tuning?


drop tcp any any -> 10.1.1.100 3128 ( \
    msg:"Squid sync flood"; \
    flow:established,to_server; \
    detection_filter: track by_src, count 10, seconds 60; \
    sid:1000001; rev:1;)

Regards,

LD

On Monday 14 June 2010 11:58:54, Russ Combs wrote:
That is documented in the Snort manual and in README.filters in the
tarball.

On Mon, Jun 14, 2010 at 12:43 PM, Luis Daniel Lucio Quiroz <luis.daniel.lucio () gmail com> wrote:
In 2.8, how is this rule?

On Monday 14 June 2010 10:51:44, Russ Combs wrote:
Snort 2.4 is out of date.  The latest Snort includes a rate-based
attack detection capability that addresses syn floods.  Have you tried
downloading the tarball from snort.org and building an inline version?

Russ

On Sun, Jun 13, 2010 at 6:42 PM, black_angel black_angel <black.sad.angel () gmail com> wrote:
Hello everybody,
my Snort inline 2.4 can't detect a SYN flood attack using hping3. If
someone can help me, please, to write a rule to avoid this attack.
tnx

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
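
Added example (not from the thread participants or the Snort project): a simplified Python model of how `detection_filter: track ..., count 10, seconds 60` behaves on bare SYN packets when the rule is gated by `flow:established` versus `flags:S`, and when tracking is `by_src` versus `by_dst`. The fixed-window bookkeeping is an assumption made for illustration, `flags:S` and `track by_dst` are Snort options that the posted rule does not use, and all packets and source addresses are constructed.

```python
from collections import namedtuple

# ts = seconds, flags = TCP flags string, est = session already established
Packet = namedtuple("Packet", "ts src dst dport flags est")

def rule_matches(pkt, dst, dport, option):
    """Header and option match, before any rate filtering."""
    if (pkt.dst, pkt.dport) != (dst, dport):
        return False
    if option == "flow:established":
        return pkt.est            # a bare SYN is never part of an established flow
    if option == "flags:S":
        return pkt.flags == "S"   # SYN set, no other flag
    raise ValueError(option)

def detection_filter(packets, option, track, count, seconds,
                     dst="10.1.1.100", dport=3128):
    """Packets the rule fires on: matches beyond `count` per tracked address
    within a `seconds` window (simplified fixed-window model, an assumption)."""
    windows, fired = {}, []       # windows: address -> [window_start, matches]
    for pkt in packets:
        if not rule_matches(pkt, dst, dport, option):
            continue
        key = pkt.src if track == "by_src" else pkt.dst
        win = windows.get(key)
        if win is None or pkt.ts - win[0] >= seconds:
            win = windows[key] = [pkt.ts, 0]   # start a new counting window
        win[1] += 1
        if win[1] > count:        # the first `count` matches pass unreported
            fired.append(pkt)
    return fired

# Constructed traffic: 30 bare SYNs in 3 s from one host, and 30 hosts sending one SYN each.
ONE_SOURCE = [Packet(i * 0.1, "192.0.2.7", "10.1.1.100", 3128, "S", False)
              for i in range(30)]
MANY_SOURCES = [Packet(i * 0.1, f"198.51.100.{i + 1}", "10.1.1.100", 3128, "S", False)
                for i in range(30)]

if __name__ == "__main__":
    for name, pkts in (("one source", ONE_SOURCE), ("many sources", MANY_SOURCES)):
        for option, track in (("flow:established", "by_src"),
                              ("flags:S", "by_src"), ("flags:S", "by_dst")):
            n = len(detection_filter(pkts, option, track, count=10, seconds=60))
            print(f"{name:12} {option:16} {track}: fires on {n} of {len(pkts)}")
```

In this model a `by_dst` filter counts every client of the proxy together, so in inline `drop` mode it would also discard SYNs from legitimate clients once the count is exceeded.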

