Snort mailing list archives
Re: TTL & Byte rate limit
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tue, 2 Jun 2015 17:17:57 +0000
Hello,
Have you tried creating a rule that matches your logic, then thresholding the number of hits on that rule?
Rule threshold section: http://manual.snort.org/node35.html
Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com
From: Cahit Eyigünlü [mailto:cahit.eyigunlu () spd net tr]
Sent: Monday, June 01, 2015 7:24 PM
To: Snort-devel () lists sourceforge net
Subject: [Snort-devel] TTL & Byte rate limit
We are under a type of spoofed attack, and we need to protect the destination server. We decided to block packet
size on the same TTL, but is there any way to build a rule to rate limit data bytes from the same TTL?
Cahit Eyigünlü
SPDNet Telekomünikasyon A.S.
+908508409773
75. Yl Mahallesi 5301 Sk No:24/A - MANSA 45100
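One way to write the approach suggested in the reply as Snort 2.9 configuration, added here as an illustration and not taken from either poster. The protocol, TTL value, size floor, counts, timeout, and SIDs are constructed placeholders to be replaced with values observed in the actual traffic.

```snort
# --- local.rules ---
# Match the "logic": packets to the protected network that carry one
# specific TTL and a payload above a size floor. All values are assumed.
#
# Option A: alert only once the match rate toward a destination exceeds
# 500 packets in 1 second. Tracking is by_dst because the sources are
# spoofed, so per-source counters would never fill up.
alert udp $EXTERNAL_NET any -> $HOME_NET any ( \
    msg:"LOCAL fixed-TTL large-payload flood toward protected host"; \
    ttl:128; dsize:>1000; \
    detection_filter:track by_dst, count 500, seconds 1; \
    classtype:attempted-dos; sid:1000001; rev:1;)

# Option B: same match without detection_filter, so a rate_filter
# (below) can count every hit and change the rule action.
alert udp $EXTERNAL_NET any -> $HOME_NET any ( \
    msg:"LOCAL fixed-TTL large-payload packet"; \
    ttl:128; dsize:>1000; \
    classtype:attempted-dos; sid:1000002; rev:1;)

# --- snort.conf / threshold.conf ---
# When sid 1000002 exceeds 500 hits per second toward one destination,
# switch its action to drop for 30 seconds. "drop" only takes effect
# when Snort runs inline; in passive mode it can only alert.
rate_filter \
    gen_id 1, sig_id 1000002, \
    track by_dst, \
    count 500, seconds 1, \
    new_action drop, timeout 30

# Keep the alert volume manageable: log at most one event per
# destination per 60 seconds for the Option B rule.
event_filter \
    gen_id 1, sig_id 1000002, \
    type limit, track by_dst, \
    count 1, seconds 60
```

These filters count rule hits (packets), not bytes. With `dsize:>1000` and `count 500, seconds 1`, the trigger corresponds to more than roughly 500 KB of matching payload per second, so the size floor and the count together act as an approximate byte-rate threshold.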




