Snort mailing list archives
Snort tools for detecting, and alerting based on a DOS attack.
From: "George Walford" <gwalford () rackforce com>
Date: Thu, 10 Oct 2002 09:31:41 -0700
I am currently using Snort with ACID on my network, and it is great. However, I have had to reduce the number of rules that Snort looks for, otherwise ACID becomes overloaded (currently in the process of adding more sensors further down the network segments).

One problem I am faced with, however, that ACID does not detect very well for my needs is a DoS or DDoS attack. With the amount of information in the ACID database, an incoming DoS attack does not show up in the alerts for some time, as it has to compete with previous history in the database. So, until it reaches dangerous proportions, it is not detected.

What I am asking for is a way to detect and alert the network staff to an incoming DoS attack in real time, with a report including the attacking IPs and the target IP, and preferably bandwidth used. Unfortunately, MRTG is not a solution in this case (we do have MRTG on the router). What would be the best tool to use with Snort to accomplish this?