Snort mailing list archives

Re: Rules not working?

From: Joerg Weber <j.weber () infos de>
Date: 05 Jun 2003 12:33:56 +0200

Hi Erik,

I Snort - from the command line using no rules - for 10 seconds and
then check the output log for the IP that I am launching the attach
from and I see 18,205 UDP packets.
 
I would assume that SNORT should pick up the UDP flood, but for some
reason the rules aren't picking them up.  I am using the rules that
are provided at http://www.snort.org/dl/rules/ from a month ago.


If I understand you correctly, you'r trying to use SNORT to notify you
in case an UDP flood starts. That's correct? In that case, have a look
at the discussion found in [0] where Matt Kettler gives a nice summary
about this topic.


Cheers,

Joerg

[0] http://marc.theaimsgroup.com/?l=snort-users&m=105059432005195&w=2

-- 
Joerg Weber
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
www.infos.de
E: j.weber () infos de

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Rules not working? Erik Tank (Jun 05)
- Re: Rules not working? Joerg Weber (Jun 05)
- Re: Rules not working? Matt Kettler (Jun 05)