Snort mailing list archives
RE: ping flood
From: "Ofir Arkin" <ofir () sys-security com>
Date: Sat, 18 Aug 2001 01:14:18 +0200
Avi, You will need to measure the number of ICMP datagrams received per X seconds. I guess a threshold is to be set so you will not receive falsely results :) Ofir -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Avi Norowitz Sent: ? 17 ?????? 2001 20:43 To: Ofir Arkin Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] ping flood ping flood, as in: ping -f host :-) On Fri, 17 Aug 2001 13:26:58 +0200 "Ofir Arkin" <ofir () sys-security com> wrote:
Avi, It depends on your definition on "flood" and the ICMP datagrams used
for
that. What is your definition of "old fashion ping floods"? Ofir Arkin [ofir () sys-security com] Founder The Sys-Security Group http://www.sys-security.com PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Avi Norowitz Sent: ? 17 ?????? 2001 9:45 To: snort-users () lists sourceforge net Subject: [Snort-users] ping flood Hello, Is there any way to get snort to pick up old fashion ping floods?
iplog
picked up ping floods fine, but snort seems more flexible ... but it doesn't seem to hear ping floods by default. Thanks. -- By reading this message you hereby agree to all concepts, statements, ideas, and opinions contained within it's text. http://ulag.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- By reading this message you hereby agree to all concepts, statements, ideas, and opinions contained within it's text. http://ulag.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)
- Re: ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)
- Re: ping flood Avi Norowitz (Aug 18)
- Brazilian Snort List Alex Pinheiro Machado Rodrigues (Aug 19)
- Re: ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)