Snort mailing list archives
Re: ping flood
From: Chris Green <cmg () uab edu>
Date: 17 Aug 2001 13:52:25 -0500
Avi Norowitz <avi () ulag net> writes:
Hello, Is there any way to get snort to pick up old fashion ping floods? iplog picked up ping floods fine, but snort seems more flexible ... but it doesn't seem to hear ping floods by default.
This is one of those things that would best be done as a tally counter in a preprocessor plugin. Unfortunately, theres nothing like that written as of now. You could log ICMP packets but you'd log every packet of a ping flood and you'd rather just know when they exceeded a certain threshold. -- Chris Green <cmg () uab edu> This is my signature. There are many like it but this one is mine. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)
- Re: ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)
- Re: ping flood Avi Norowitz (Aug 18)
- Brazilian Snort List Alex Pinheiro Machado Rodrigues (Aug 19)
- Re: ping flood Avi Norowitz (Aug 17)
- RE: ping flood Ofir Arkin (Aug 17)