Snort mailing list archives
Dos bufer overflow snort rule
From: moon sun via Snort-users <snort-users () lists sourceforge net>
Date: Sat, 10 Jun 2017 16:47:58 +0000 (UTC)
Hello, Is this snort rule correct for detecting dos bufer overflow attack ? : alert tcp !$HOME_NET any -> $HOME_NET 80 (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 70, seconds 10; sid:10001;rev:1;) And what is the tcp header features that included in Dos attack ? such as service type : http , port: 80 and the count , and what else ? Thanks ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Dos bufer overflow snort rule moon sun via Snort-users (Jun 10)
- Re: Dos bufer overflow snort rule wkitty42 (Jun 11)