Snort mailing list archives
Reset Counters
From: "Bob McDowell" <bmcdowell () coxhealthplans com>
Date: Thu, 23 Jan 2003 14:56:27 -0600
Bring on the penalty drinks, but I need help. True or False: 'USER overflow' rules are triggered by the same IP passing too many 'USER' commands from the same IP within a specified amount of time. At first I thought this was how this worked. Testing certainly seemed to prove it out to be so. If this is the case, I need to allow more consecutive attempts before I sent a 'resp' packet. In researching the rule (specifically the FTP USER overflow rule) I can't find anything that relates to my observation. From looking at the rule, it seems to examine the content of each packet - and not have anything to do with the number of tries. Thus, confusion ensues. Any help would be greatly appreciated. Also anything written more clearly than the 'How to Write..' that might explain this would be great. Maybe I'm just tired, but it is giving me a headache. Bob McDowell IS Specialist Cox HealthPlans, LLC 417.269.2848
Current thread:
- Reset Counters Bob McDowell (Jan 23)
- Re: Reset Counters Matt Kettler (Jan 23)
- Re: Reset Counters Erek Adams (Jan 24)