Add SNORT rules to my detection system

Question

Could any one give me some rules to test Snort (ARP,ICMP,TCP,UDP) and ensure that my system work properly against attacks like DOS or MITM.

score -1 · Answer 1 · answered Jun 18 '17 at 10:34

-1

alert tcp any any -> any any (flags: S; msg:" Possible TCP dos detection"; flow: stateless; detection_filter: track by_dst, count 1000, seconds 1; sid: 10004;rev:1;)

answered Jun 18 '17 at 10:34

Nisar Ahmed

1

Add SNORT rules to my detection system

1 Answers1