how to write dynamic rules?

This is a discussion on how to write dynamic rules? within the Snort forums, part of the System Security and Security Related category; can I do that in Snort 2.3? First rule to detect outbound email attachment from a particular source IP ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page how to write dynamic rules?

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-26-2005
yc lin
 
Posts: n/a
Default how to write dynamic rules?
can I do that in Snort 2.3?

First rule to detect outbound email attachment from a particular source
IP address x.

Second rule and Third rule triggered by the first rule

2nd rule: detect port scan from source IP x within 30 minutes, if
detected, then alert

3rd rule: detect multiple port connection from source IP x on a
particular port within 30 minutes , and if the number exceeds the
threshold (e.g. 50 connections), then alert

Thanks

Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 09:35 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0