Snort Rule Question

Tags: Firewalls, TCP/IP, Networking
Last response: November 23, 2009 5:22 PM in Networking

tip120 November 20, 2009 3:12:52 AM

How do I make this rule:

# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SCAN nmap XMAS"; flow:stateless; flags:FPU,12; reference:arachnids,30; classtype:attempted-recon; sid:1228; rev:8;)

So that it will generate alerts for the first two packets matching its criteria, then ignore all the rest?

tip120 November 20, 2009 4:18:57 AM

Figured out how to do it using threshold, thanks anyway.

tip120 November 23, 2009 5:20:01 PM

Quote:
Hi, I actually don't know about this, but this is what I was searching for and here I got a way of putting this rule through threshold. Thanks!

Yep, you just add "threshold: type limit, track by_src, count 2, seconds 300;" to the options section of your rule to only display an alert twice every 300 seconds.

riser November 23, 2009 5:22:02 PM

Good info, thanks for the follow up. Only saw Snorts years ago at a demo but they were pushing a 3D network topology graphing software and Snort was on the sidelines.
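The effect of the threshold option from the thread on a stream of matching packets, as an added example (not part of the thread and not Snort's own code): a simplified Python model of `type limit` showing that the limit is kept per tracked address and re-arms after each window, so a long scan alerts twice per 300 seconds rather than twice in total. The addresses and timestamps are constructed, and the window handling (opens at the first match, reopens on the first match after `seconds` have elapsed) is an assumption of this model.

```python
def limit_filter(events, track="by_src", count=2, seconds=300):
    """Return the events that still alert under a rule option such as
    'threshold: type limit, track by_src, count 2, seconds 300;'.

    events: list of (timestamp_seconds, src_ip, dst_ip) in time order,
            one entry per packet that matched the rule.
    track:  "by_src" or "by_dst", the address the counter is keyed on.
    """
    key_index = {"by_src": 1, "by_dst": 2}[track]
    state = {}    # tracked address -> [window_start, matches_in_window]
    alerts = []
    for event in events:
        ts, key = event[0], event[key_index]
        window = state.get(key)
        # Assumed model: a new window opens on the first match, or on the
        # first match seen once the previous window has run out.
        if window is None or ts - window[0] >= seconds:
            window = state[key] = [ts, 0]
        window[1] += 1
        # type limit: log only the first `count` matches of each window.
        if window[1] <= count:
            alerts.append(event)
    return alerts


# Constructed sample: XMAS-scan packets from two sources to one home host.
SAMPLE = [
    (0,   "192.0.2.10",   "10.0.0.5"),
    (1,   "192.0.2.10",   "10.0.0.5"),
    (2,   "192.0.2.10",   "10.0.0.5"),   # third match in window: suppressed
    (5,   "198.51.100.7", "10.0.0.5"),   # different source: own counter
    (120, "192.0.2.10",   "10.0.0.5"),   # still inside the first window
    (400, "192.0.2.10",   "10.0.0.5"),   # window expired: alerts again
    (401, "192.0.2.10",   "10.0.0.5"),
    (402, "192.0.2.10",   "10.0.0.5"),
]

if __name__ == "__main__":
    for track in ("by_src", "by_dst"):
        print(track)
        for ts, src, dst in limit_filter(SAMPLE, track=track):
            print(f"  t={ts:>3}s  {src} -> {dst}")
```

With `track by_dst` the second scanner at t=5 produces no alert at all, because the two alerts for that destination were already spent on the first source.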