Snort mailing list archives

Previous By Date Next
Previous By Thread Next

"UDP flood rules"

From: "Dan Mahoney, System Admin" <danm () prime gushi org>
Date: Wed, 18 May 2005 18:42:59 -0400 (EDT)
Hey all. Are there any hard and fast rulesets to detect floods of udp traffic to a single port, say, without ACKs coming back? 

Let me know.

-Dan Mahoney

--

"there is no loyalty in the business, so we stay away from things that piss people off"

-The Boss, November 12, 2002

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------



-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: