[Oisf-users] Inline problems with http_uri

Victor Julien lists at inliniac.net
Wed Oct 24 22:19:26 UTC 2012

On 10/24/2012 06:49 PM, Michael wrote:
> I noticed another "problem" running this setup:
> rule: drop ip any any -> any any (msg:"flood"; threshold: type both, track by_src, seconds 1, count 200;sid:2; rev:1;)
> I ran a simple UDP flood on the target. Suricata logs that this rule has triggered, but the packets do not get dropped; the full flood hits the target.

Can you give me the command for generating the flood? Or better, can you
give a pcap containing the flood?

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
