Snort mailing list archives
Re: [sonrt-user]About rule options
From: Mayur Patil <ram.nath241089 () gmail com>
Date: Thu, 26 Sep 2013 16:22:06 +0530
Hello Joel Sir, I have looked for your solution but when I am generating rules by parsing through rule generator I am getting error. I want to use count, seconds to detect DoS Attack As the following example parses effectively alert tcp 10.1.1.4 any -> 10.1.1.1 any (msg:"RAM"; content:"TAGMYPACKETS"; classtype:attempted-dos; flow:to_server,established; sid:100001; rev:1; ) but if I add count,seconds it does not work. I also tried with *tag*option alert tcp 10.1.1.4 any -> 10.1.1.1 any (msg:"RAM"; content:"TAGMYPACKETS"; classtype:attempted-dos; flow:to_server,established; sid:100001; rev:1; count:50; seconds:1) Please help me to solve this problem !! Seeking for guidance Thanks !! P.S.: I have also search through Snort Manual but did not get hint. * -- * *Cheers, * *Mayur*.
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- [sonrt-user]About rule options Mayur Patil (Sep 24)
- Re: [sonrt-user]About rule options Joel Esler (Sep 24)
- Re: [sonrt-user]About rule options Mayur Patil (Sep 26)
- Re: [sonrt-user]About rule options Russ Combs (Sep 26)
- Re: [sonrt-user]About rule options Mayur Patil (Sep 26)
- Re: [sonrt-user]About rule options Mayur Patil (Sep 26)
- Re: [sonrt-user]About rule options Joel Esler (Sep 24)