Subject: Re: Composite Patterns
From: Jacob Martinson (jmartinsonAPERIAN.COM)
Date: Tue Nov 28 2000 - 10:41:56 CST


Could you write a rule that would detect n inbound udp packets per second?

-----Original Message-----
From: Martin Roesch [mailto:roeschmd.prestige.net]
Sent: Tuesday, November 28, 2000 10:24 AM
To: Jacob Martinson
Cc: FOCUS-IDSSECURITYFOCUS.COM
Subject: Re: Composite Patterns

Actually, Snort *does* do composite patterns within a single rule. Is this
what you're looking for, or are you talking about multi-rule composites?
Multi-rule composites is something that's in the works...

     -Marty

Jacob Martinson wrote:
>
> I am trying to find a decent NIDS that can detect fraggle, tfn, trinoo etc.
> Snort doesn't do composite patterns at this point and NetRanger requires
> that you run OpenView on the management console (as far as I can tell).
> Does anyone have any recommendations?
>
> My ultimate goal is something that will alert me as quickly as possible when
> we are experiencing a dos attack.
>
> Thanks for any input!
>
> Jacob Martinson
>
> ---
> BSD Unix - the first operating system with an IP stack.

--
Martin Roesch
roeschmd.prestige.net
http://www.snort.org
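The question at the top of this thread (a rule that fires on n inbound UDP packets per second) is a rate-based check rather than a content-pattern match. Later Snort releases added the detection_filter rule option (track by_src or by_dst, count, seconds) for exactly this; the block below is an added example, not code from the thread or from the Snort project, showing the same sliding-window logic in Python over a constructed packet list. The HOME_NET prefix, the packet record layout and all addresses and timestamps are assumptions made for the example.

```python
"""Rate-based detection of inbound UDP floods.

Alert when a protected destination receives more than `count` UDP packets
within any sliding window of `window_ms` milliseconds, tracked per
destination (the equivalent of Snort's "track by_dst"). Added example;
the traffic below is constructed, not captured.
"""
from collections import defaultdict, deque

# Assumed local network prefix; anything not under it is treated as external.
HOME_NET_PREFIX = "10.0.0."


def is_inbound_udp(pkt):
    """Only UDP packets headed into the protected network are counted."""
    return pkt["proto"] == "udp" and pkt["dst"].startswith(HOME_NET_PREFIX)


def detect_udp_rate(packets, count, window_ms=1000):
    """Return a list of (timestamp_ms, dst, packets_in_window) alerts.

    A deque of recent timestamps is kept per destination; timestamps that
    have fallen out of the window are evicted before each comparison.
    Once the threshold is crossed, at most one alert per window is raised
    for that destination, so a sustained flood does not produce one alert
    per packet (the usual failure mode of a naive per-packet check).
    """
    windows = defaultdict(deque)   # dst -> timestamps (ms) inside the window
    last_alert = {}                # dst -> timestamp of the last alert
    alerts = []
    for pkt in sorted(packets, key=lambda p: p["ts"]):
        if not is_inbound_udp(pkt):
            continue
        dst, ts = pkt["dst"], pkt["ts"]
        q = windows[dst]
        q.append(ts)
        while q and ts - q[0] >= window_ms:
            q.popleft()
        if len(q) > count and ts - last_alert.get(dst, -window_ms) >= window_ms:
            alerts.append((ts, dst, len(q)))
            last_alert[dst] = ts
    return alerts


def sample_traffic():
    """Constructed traffic: timestamps are integer milliseconds."""
    pkts = []
    # Benign: 5 UDP packets per second to 10.0.0.5 for three seconds.
    for i in range(15):
        pkts.append({"ts": i * 200, "proto": "udp",
                     "src": "192.0.2.1", "dst": "10.0.0.5"})
    # Flood: 50 UDP packets within half a second to 10.0.0.9, starting at t=10s,
    # from a handful of spoofed-looking sources.
    for i in range(50):
        pkts.append({"ts": 10000 + i * 10, "proto": "udp",
                     "src": "198.51.100.%d" % (i % 7), "dst": "10.0.0.9"})
    # High-rate traffic that must be ignored: outbound UDP and inbound TCP.
    for i in range(50):
        pkts.append({"ts": 20000 + i * 10, "proto": "udp",
                     "src": "10.0.0.5", "dst": "203.0.113.2"})
        pkts.append({"ts": 20000 + i * 10, "proto": "tcp",
                     "src": "203.0.113.2", "dst": "10.0.0.5"})
    return pkts


if __name__ == "__main__":
    for ts, dst, n in detect_udp_rate(sample_traffic(), count=20):
        print("ALERT t=%dms dst=%s inbound UDP in window=%d" % (ts, dst, n))
```

With count=20 only the flood toward 10.0.0.9 trips the check, on the 21st packet of the burst; lowering count to 4 also flags the benign 5-per-second stream, which is the tuning problem any rate rule carries: the threshold has to sit above the host's normal UDP rate (DNS, NTP, syslog) or it becomes the noise source.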