Snort mailing list archives
Re: Rules not working?
From: Joerg Weber <j.weber () infos de>
Date: 05 Jun 2003 12:33:56 +0200
Hi Erik,
I Snort - from the command line using no rules - for 10 seconds and then check the output log for the IP that I am launching the attach from and I see 18,205 UDP packets. I would assume that SNORT should pick up the UDP flood, but for some reason the rules aren't picking them up. I am using the rules that are provided at http://www.snort.org/dl/rules/ from a month ago.
If I understand you correctly, you'r trying to use SNORT to notify you in case an UDP flood starts. That's correct? In that case, have a look at the discussion found in [0] where Matt Kettler gives a nice summary about this topic. Cheers, Joerg [0] http://marc.theaimsgroup.com/?l=snort-users&m=105059432005195&w=2 -- Joerg Weber Network Security infoServe GmbH Nell-Breuning-Allee 6 D-66115 Saarbruecken T: (0681) 8 80 08 - 0 F: (0681) 8 80 08 - 59 www.infos.de E: j.weber () infos de
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Rules not working? Erik Tank (Jun 05)
- Re: Rules not working? Joerg Weber (Jun 05)
- Re: Rules not working? Matt Kettler (Jun 05)