Snort mailing list archives
Re: TTL & Byte rate limit
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 2 Jun 2015 17:17:57 +0000
Hello, Have you tried creating a rule that matches your logic, then threshold the number of hits on that rule? Rule threshold section -----> http://manual.snort.org/node35.html Albert Lewis QA Software Engineer SOURCEfire, Inc. now part of Cisco 9780 Patuxent Woods Drive Columbia, MD 21046 Phone: (office) 443.430.7112 Email: allewi () cisco com From: Cahit Eyigünlü [mailto:cahit.eyigunlu () spd net tr] Sent: Monday, June 01, 2015 7:24 PM To: Snort-devel () lists sourceforge net Subject: [Snort-devel] TTL & Byte rate limit We are under a type of spoofed attack. And we need to protect to destination server. We decide that to block packet size on same ttl , but is there any way to build a rule to rate limit data bytes from same TTL ? [Image removed by sender. SPDNet Telekomünikasyon A.S. Logo]<http://https:/www.spd.net.tr/> Cahit Eyigünlü SPDNet Telekomünikasyon A.S. +908508409773 75. Yl Mahallesi 5301 Sk No:24/A - MANSA 45100 [Image removed by sender. WebsiteGB]<http://https:/www.spd.net.tr/> [Image removed by sender. email] <mailto:cahit.eyigunlu () spd net tr> [Image removed by sender. :inkedIn button] <http://https:/www.linkedin.com/company/spdnet> [Image removed by sender. Twitter button] <https://twitter.com/NetSpd> [Image removed by sender. Facebook button] <https://www.facebook.com/SpdNetTR> Bu e-posta kişiye özel olup, gizli bilgiler içeriyor olabilir. Eğer bu e-posta size yanlışlıkla ulaşmışsa, içeriğini hiç bir şekilde kullanmayınız ve ekli dosyaları açmayınız. Bu e-posta virüslere karşı anti-virüs sistemleri tarafından taranmıştır. Ancak SPDNET, bu e-postanın - virüs koruma sistemleri ile kontrol ediliyor olsa bile - virüs içermediğini garanti etmez ve meydana gelebilecek zararlardan doğacak hiçbir sorumluluğu kabul etmez.
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- TTL & Byte rate limit Cahit Eyigünlü (Jun 01)
- Re: TTL & Byte rate limit Al Lewis (allewi) (Jun 02)