'Re: [Snort-sigs] DDoS Rule'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    Re: [Snort-sigs] DDoS Rule
From:       "Joel Esler (jesler)" <jesler () cisco ! com>
Date:       2015-02-09 0:54:26
Message-ID: 5A3B3F6D-0910-49FE-BF79-D33A39ECCE9C () cisco ! com
[Download RAW message or body]

That's a large request.  I'd begin by taking a look at the existing Ruleset=
 for "denial-of-service"

--
Joel Esler
Sent from my iPhone

On Feb 8, 2015, at 7:52 PM, Eugene Grama <eugene.grama@gmail.com<mailto:eug=
ene.grama@gmail.com>> wrote:

Hello,

Good day everyone, hope that everyone is doing fine.

I'm a newbie in snort, and still in learning process.

Can I ask for your kind advice on how I can setup a rule that will detect D=
DoS.

--
Thank you very much and Best regards,

Eugene
---------------------------------------------------------------------------=
---
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is you=
r
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net<mailto:Snort-sigs@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

[Attachment #3 (text/html)]

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body dir="auto">
<div>That's a large request. &nbsp;I'd begin by taking a look at the existing Ruleset \
for &quot;denial-of-service&quot;<br> <br>
<div>--</div>
<div><b>Joel Esler</b>&nbsp;</div>
Sent from my iPhone</div>
<div><br>
On Feb 8, 2015, at 7:52 PM, Eugene Grama &lt;<a \
href="mailto:eugene.grama@gmail.com">eugene.grama@gmail.com</a>&gt; wrote:<br> <br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">
<div>
<div>
<div>Hello,<br>
<br>
</div>
Good day everyone, hope that everyone is doing fine.<br>
<br>
</div>
I'm a newbie in snort, and still in learning process. <br>
<br>
</div>
Can I ask for your kind advice on how I can setup a rule that will detect DDoS.<br \
clear="all"> <div>
<div>
<div>
<div><br>
-- <br>
<div class="gmail_signature">
<div dir="ltr">Thank you very much and Best regards,
<div><br>
</div>
<div>Eugene</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>------------------------------------------------------------------------------</span><br>
 <span>Dive into the World of Parallel Programming. The Go Parallel \
Website,</span><br> <span>sponsored by Intel and developed in partnership with \
Slashdot Media, is your</span><br> <span>hub for all things parallel software \
development, from weekly thought</span><br> <span>leadership blogs to news, videos, \
case studies, tutorials and more. Take a</span><br> <span>look and join the \
conversation now. <a href="http://goparallel.sourceforge.net/"> \
http://goparallel.sourceforge.net/</a></span></div> </blockquote>
<blockquote type="cite">
<div><span>_______________________________________________</span><br>
<span>Snort-sigs mailing list</span><br>
<span><a href="mailto:Snort-sigs@lists.sourceforge.net">Snort-sigs@lists.sourceforge.net</a></span><br>
 <span><a href="https://lists.sourceforge.net/lists/listinfo/snort-sigs">https://lists.sourceforge.net/lists/listinfo/snort-sigs</a></span><br>
 <span><a href="http://www.snort.org">http://www.snort.org</a></span><br>
<span></span><br>
<span></span><br>
<span>Please visit <a href="http://blog.snort.org">http://blog.snort.org</a> for the \
latest news about Snort!</span></div> </blockquote>
</body>
</html>


[Attachment #4 (--===============0863497586642212700==)]
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic