Snort mailing list archives

Doubt about rule at Snort


From: Jader Friderichs Vieira <jaderfv () yahoo com br>
Date: Fri, 7 Oct 2016 19:30:36 +0000 (UTC)

Hello, I'm doing a study of Snort rules together with the Weka data mining tool.

I do not have experience with Snort and I'd like help creating a rule. I'm using two fundamental attributes in my project.

Same_srv_rate = % of connections to the same service

The first question: how could I get this? There is a calculation to get this result and I did not find the way to do it.

2. flag - I need a flag that tells me when a connection was requested (ack), the server responded (SYN ACK), but it did not receive the ack, the third message that completes the connection, as in the SYN flood attack.


Is there any way I can do this using a rule?
Thanks

Jáder


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
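
The two attributes asked about above can be computed offline from captured TCP packets. The following is an added example, not part of the original post and not Snort code. It assumes the KDD Cup 99 style definition of same_srv_rate (connections to the same destination host in the previous 2 seconds, counting the current one) and uses constructed sample packets; the function and field names are hypothetical.

```python
from collections import defaultdict, deque

WINDOW = 2.0  # seconds; assumption taken from the KDD Cup 99 time-based features

# Constructed sample packets: (time, src, sport, dst, dport, tcp_flags)
PACKETS = [
    (0.00, "10.0.0.5", 40001, "10.0.0.9", 80, "S"),
    (0.01, "10.0.0.9", 80, "10.0.0.5", 40001, "SA"),
    (0.02, "10.0.0.5", 40001, "10.0.0.9", 80, "A"),   # handshake completed
    (0.50, "10.0.0.7", 40002, "10.0.0.9", 80, "S"),
    (0.51, "10.0.0.9", 80, "10.0.0.7", 40002, "SA"),  # final ACK never arrives
    (1.00, "10.0.0.7", 40003, "10.0.0.9", 22, "S"),
    (1.01, "10.0.0.9", 22, "10.0.0.7", 40003, "SA"),  # final ACK never arrives
    (4.00, "10.0.0.5", 40004, "10.0.0.9", 22, "S"),
    (4.01, "10.0.0.9", 22, "10.0.0.5", 40004, "SA"),
    (4.02, "10.0.0.5", 40004, "10.0.0.9", 22, "A"),
]

def build_connections(packets):
    """Group packets by the client's 4-tuple and track the three-way handshake."""
    conns = {}
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":  # client SYN opens a new connection record
            conns[(src, sport, dst, dport)] = {"ts": ts, "dst": dst, "service": dport, "state": "SYN"}
            continue
        # A SYN-ACK travels server -> client, so look it up under the reversed tuple.
        key = (dst, dport, src, sport) if flags == "SA" else (src, sport, dst, dport)
        conn = conns.get(key)
        if conn is None:
            continue
        if flags == "SA" and conn["state"] == "SYN":
            conn["state"] = "SYN_ACK"
        elif flags == "A" and conn["state"] == "SYN_ACK":
            conn["state"] = "ESTABLISHED"
    return sorted(conns.values(), key=lambda c: c["ts"])

def add_features(conns):
    """Attach same_srv_rate and a half_open flag to each connection record."""
    recent = defaultdict(deque)  # per destination host: connections inside the window
    for c in conns:
        q = recent[c["dst"]]
        q.append(c)
        while q[0]["ts"] < c["ts"] - WINDOW:  # drop connections older than the window
            q.popleft()
        c["same_srv_rate"] = sum(o["service"] == c["service"] for o in q) / len(q)
        c["half_open"] = c["state"] == "SYN_ACK"  # SYN and SYN-ACK seen, no final ACK
    return conns

RESULTS = add_features(build_connections(PACKETS))
```

Here half_open is judged at the end of the capture; on live traffic the same check needs a timeout after the SYN-ACK before a connection is counted as half-open.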

