syn flood

Started by akanarya, February 02, 2021, 04:25:59 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 02, 2021, 04:25:59 PM
Hi,
I am experimenting suricata with syn flood.
I observered that it could discard the certain floods but interestingly there is no alert on IDS alert screen.
I am sure that IDS blocked, because when i am disabling the IDS, packets are arriving to the client.
No other parameters were changed.

My opnsense is at the latest version and I am only using ET Pro telemetry rules not others.
Only attack to port 22 is giving "SSH scan" alert.
What is the reason for no alert?
Thanks
Print
Go Up Pages1
User actions