Re: About rule setting

[Damian Torres via Snort-users <snort-users () lists snort org>]

Ryota,


I would recommend looking at the Snort manual.  The option that does this
is called "detection_filter".

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION004710000000000000000


Warm Regards,

Damian Torres


On Sep 27, 2017 00:26, "Ryota Kurokawa" <r-kurokw () ist osaka-u ac jp> wrote:

Hi

I recently started using snort.
I think that it is necessary to set rules when starting IDS mode and
recording packets. I was successful to catch icmp packets.
For example, can we record packets with a speed higher than a certain
speed, such as malicious traffic (such as ping bombs)?

Thanks.

-- 
Name: Kurokawa Ryota
mail: r-kurokw () ist osaka-u ac jp

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!