Snort mailing list archives

Re: FW: Snort & DoS

From: Joel Esler <jesler () sourcefire com>
Date: Tue, 16 Oct 2012 11:43:13 -0400

Please remember to keep the Snort users mailing list in your address line.

Yes.  Snort has many features to be able to detect amounts of connections.  rate_filter is one of them, I suggest a 
look at README.filters in the doc/ directory of the tar ball.

or:

http://manual.snort.org/node19.html#SECTION00341000000000000000


On Oct 16, 2012, at 11:40 AM, Alex Adamos <alexthakidadam () hotmail com> wrote:

i want to see if snort can detect such attacks and how it works! if there is any such detection mechanism, which i 
didn't find (except the stream5_tcp lines about 5180).

Date: Tue, 16 Oct 2012 11:08:29 -0400
From: jesler () sourcefire com
To: alexthakidadam () hotmail com
CC: dandantheitman () gmail com; snort-users () lists sourceforge net
Subject: Re: [Snort-users] FW: Snort & DoS

On Tue, Oct 16, 2012 at 05:26:26PM +0300, Alex Adamos wrote:


i'm not trying to deal with the attacks so much, i just want to see if and how Snort is dealing with these 
attacks itself!



What do you think the end result should be? What are trying to achieve?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort & DoS Alex Adamos (Oct 15)
- <Possible follow-ups>
- FW: Snort & DoS Tony Reusser (Oct 15)
  - Re: FW: Snort & DoS dandantheitman (Oct 15)
    - Re: FW: Snort & DoS Alex Adamos (Oct 16)
    - Re: FW: Snort & DoS Joel Esler (Oct 16)
    - Message not available
    - Re: FW: Snort & DoS Joel Esler (Oct 16)