Snort mailing list archives
Re: About rule setting
From: Damian Torres via Snort-users <snort-users () lists snort org>
Date: Wed, 27 Sep 2017 08:27:44 -0400
Ryota, I would recommend looking at the Snort manual. The option that does this is called "detection_filter". http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION004710000000000000000 Warm Regards, Damian Torres On Sep 27, 2017 00:26, "Ryota Kurokawa" <r-kurokw () ist osaka-u ac jp> wrote: Hi I recently started using snort. I think that it is necessary to set rules when starting IDS mode and recording packets. I was successful to catch icmp packets. For example, can we record packets with a speed higher than a certain speed, such as malicious traffic (such as ping bombs)? Thanks. -- Name: Kurokawa Ryota mail: r-kurokw () ist osaka-u ac jp _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- About rule setting Ryota Kurokawa (Sep 26)
- Re: About rule setting Damian Torres via Snort-users (Sep 27)