Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Dos bufer overflow snort rule

From: ‫moon sun‬ ‫ via Snort-users <snort-users () lists sourceforge net>
Date: Sat, 10 Jun 2017 16:47:58 +0000 (UTC)
Hello,
Is this snort rule correct for detecting dos bufer overflow attack ? :

alert tcp !$HOME_NET any -> $HOME_NET 80 (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, 
track by_src, count 70, seconds 10; sid:10001;rev:1;)

And what is the tcp header features that included in Dos attack ? such as  service type : http , port: 80  and the 
count , and what else ?
Thanks
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: