Home page logo

snort logo Snort mailing list archives

"UDP flood rules"
From: "Dan Mahoney, System Admin" <danm () prime gushi org>
Date: Wed, 18 May 2005 18:42:59 -0400 (EDT)

Hey all. Are there any hard and fast rulesets to detect floods of udp traffic to a single port, say, without ACKs coming back?

Let me know.

-Dan Mahoney


"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org

This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
  • "UDP flood rules" Dan Mahoney, System Admin (May 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]