Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ping flood

From: Chris Green <cmg () uab edu>
Date: 17 Aug 2001 13:52:25 -0500
Avi Norowitz <avi () ulag net> writes:


Hello,

Is there any way to get snort to pick up old fashion ping floods? iplog
picked up ping floods fine, but snort seems more flexible ... but it
doesn't seem to hear ping floods by default.


This is one of those things that would best be done as a tally counter
in a preprocessor plugin.  Unfortunately, theres nothing like that
written as of now.

You could log ICMP packets but you'd log every packet of a ping flood
and you'd rather just know when they exceeded a certain threshold.
-- 
Chris Green <cmg () uab edu>
This is my signature. There are many like it but this one is mine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: