Is it possible to count SYN and ACK flags separately in a single rule in Snort?
I want to write a rule for Snort to detect lost traffic in the network. Is it possible to write a rule that, by combining two flags, SYN and ACK, it declares that if the number of SYNs to the server exceeds a certain number, but at the sam…