Re: [Snort-users] test a threshold rule, please?

The rule caused no problems for me in Snort 2.1.3 on Slackware Linux.

> On Tue, 6 Jul 2004 08:41:00 -0600, Rich Adamson <radamson@routers.com> wrote:
> >
> > Could someone test the following rule in either linux or win32, please?
> >
> > alert tcp $HOME_NET any -> any any (msg: "High SYN Traffic"; flags:S; threshold: type threshold, track by_src, seconds 60, count 1; classtype:misc-activity; sid: 1000002; rev:1;)
> >
> > I'm trying to determine whether the above might indicate a bug in
> > linux, win32, or syntax error on my part. If I try the above rule in win32
> > (v2.2.0rc1 build 28), snort will not start due to an integer error reading
> > the rule. Inserting content:" "; offset:0; in the above allows snort to
> > start.
> >
> > Any help/suggestions would be greatly appreciated. Off-list comments are
> > fine if you'd like.
> >
> > Rich
> >
> > -------------------------------------------------------
> > This SF.Net email sponsored by Black Hat Briefings & Training.
> > Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> > digital self defense, top technical experts, no vendor pitches,
> > unmatched networking opportunities. Visit www.blackhat.com
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/...fo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.p...st=snort-users