On Mon, 2002-12-23 at 08:17, gideon barus wrote:
> Dear All,
>
> I have installed Firestorm-0.5.1. I already read the
> README file!
>
> I run synflood program to Firestorm-0.5.1. How can I
> see the alert or report of the Attacker??
> I can't see the report at
> /var/firestorm/firestorm.log.

Check section 0x6 of the README, it should be in alert.elog, use the
'firecat' tool to view the data.

FYI. The snort rules contain no signature for SYN flooding, in fact
that's not really possible with snort signatures. To test the
functionality you may be better with something like stick or snort. Or
perhaps just look at the signatures and use telnet to try to reproduce
it.

What is needed is a module for detecting possible synfloods by alerting
when a set connections/second threshold is reached. This could be used
generally to detect most kinds of DoS attack...

HTH

--
// Gianni Tedesco (gianni at ecsc dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
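The connections-per-second threshold idea from the reply above, sketched as an added example; it is not part of the original message and not Firestorm code. The class and function names, the threshold and window values, and the sample packets are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits

class SynRateDetector:
    """Alert when connection attempts per window to one target exceed a threshold."""

    def __init__(self, threshold=100, window=1.0):
        self.threshold = threshold      # max initial SYNs per window (assumed value)
        self.window = window            # window length in seconds
        self.seen = defaultdict(deque)  # (dst, dport) -> timestamps of recent SYNs
        self.alerting = set()           # targets currently over the threshold

    def observe(self, ts, src, dst, dport, flags):
        """Feed one TCP segment; return an alert dict on the rising edge, else None."""
        if flags & SYN == 0 or flags & ACK:
            return None                 # only a bare SYN opens a new connection
        key = (dst, dport)              # count per target: flood sources are often spoofed
        q = self.seen[key]
        q.append(ts)
        while q and q[0] <= ts - self.window:
            q.popleft()                 # drop SYNs that fell out of the window
        if len(q) > self.threshold:
            if key not in self.alerting:
                self.alerting.add(key)  # one alert per burst, not one per packet
                return {"ts": ts, "target": key, "syn_per_window": len(q)}
        else:
            self.alerting.discard(key)  # rate is back under the threshold, re-arm
        return None

def run(packets, **kw):
    """Run a fresh detector over (ts, src, dst, dport, flags) tuples in time order."""
    det = SynRateDetector(**kw)
    return [a for a in (det.observe(*p) for p in packets) if a]

def sample_traffic():
    """Constructed sample: a normal client, SYN/ACK replies, then a SYN burst."""
    pkts = [(i * 0.5, "192.0.2.10", "198.51.100.5", 80, SYN) for i in range(10)]
    pkts += [(i * 0.5 + 0.01, "198.51.100.5", "192.0.2.10", 40000, SYN | ACK)
             for i in range(10)]
    pkts += [(10.0 + i * 0.001, f"203.0.113.{i % 250 + 1}", "198.51.100.5", 80, SYN)
             for i in range(500)]
    return sorted(pkts)

if __name__ == "__main__":
    for alert in run(sample_traffic(), threshold=100, window=1.0):
        print(alert)
```

Keying the counter on the destination rather than the source is what lets it fire on a flood with randomized source addresses, and the same counter applied to other packet classes gives the general DoS use the reply mentions.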