Snort mailing list archives

Re: [sonrt-user]About rule options


From: Mayur Patil <ram.nath241089 () gmail com>
Date: Thu, 26 Sep 2013 16:22:06 +0530

Hello Joel Sir,

    I have looked for your solution, but when I am generating rules by
parsing through the rule generator I am getting an error.

    I want to use count, seconds to detect a DoS attack.

    The following example parses effectively:

    alert tcp 10.1.1.4 any -> 10.1.1.1 any (msg:"RAM"; content:"TAGMYPACKETS"; classtype:attempted-dos; flow:to_server,established; sid:100001; rev:1; )

    but if I add count, seconds it does not work. I also tried with the *tag* option:

    alert tcp 10.1.1.4 any -> 10.1.1.1 any (msg:"RAM"; content:"TAGMYPACKETS"; classtype:attempted-dos; flow:to_server,established; sid:100001; rev:1; count:50; seconds:1)

Please help me to solve this problem !!

Seeking guidance.

Thanks !!


P.S.: I have also searched through the Snort Manual but did not get a hint.

--
Cheers,
Mayur.
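
Added example, not part of the original message: in Snort 2.x, `count` and `seconds` are not standalone rule options; they are arguments of the `detection_filter` rule option (or of an `event_filter` line in the configuration). The header, `msg`, `content`, `flow`, `classtype` and `sid` below are copied from the post; `track by_src` and the bumped `rev` are assumptions.

```snort
# Rate-based form of the rule from the post (added example).
# detection_filter is evaluated after every other option has matched and
# lets the rule generate an event only once the rate is exceeded:
# more than 50 matching packets from one source within 1 second.
# At most one detection_filter is permitted per rule.
# Assumptions: track by_src (count per source address), rev raised to 2.
alert tcp 10.1.1.4 any -> 10.1.1.1 any (msg:"RAM"; \
    flow:to_server,established; content:"TAGMYPACKETS"; \
    detection_filter:track by_src, count 50, seconds 1; \
    classtype:attempted-dos; sid:100001; rev:2;)

# Alternative, used instead of the rule above: leave the original rule
# (without count/seconds) as it is and rate-limit its alerts from
# snort.conf or threshold.conf. This controls how often the event is
# logged, not whether the rule matches: one alert for every 50 events
# from a source within the 1-second interval.
event_filter gen_id 1, sig_id 100001, type threshold, \
    track by_src, count 50, seconds 1
```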