List: snort-users
Subject: [Snort-users] Unable to detect port-specific DoS attack
From: Mayur Patil <ram.nath241089 () gmail ! com>
Date: 2013-08-27 11:51:13
Message-ID: CA+kVhsYaC8aNZtkpNLZGvw5NNKzLw=TT1tpshPYNLkUD4GmTSQ () mail ! gmail ! com
Hi,
I have written a rule:
alert tcp any any -> $HOME_NET 514 (msg:"DOS flood denial of service attempt"; flow:to_server; detection_filter:track by_dst, count 50, seconds 1; metadata:service syslog; classtype:attempted-dos; sid:25101; rev:1;)
which generates alerts for random ports which are not on my lists... fine.
But if I write it port-specific, it does not log into the alert file:
alert tcp [192.168.21.1,192.168.21.2] any -> $HOME_NET 514 (msg:"DOS flood denial of service attempt"; flow:to_server; detection_filter:track by_dst, count 50, seconds 1; metadata:service syslog; classtype:attempted-dos; sid:25101; rev:1;)
What actually am I missing?
Please help
Thanks !
--
*Cheers,
Mayur*