Num 1
ubuntu
$ alert icmp any any -> ubuntu_ip any (msg: "Ping of Death"; threshold: type both, track by_src, count 10, seconds 2; sid:1000001;)kali
$ hping3 ubuntu_ip --icmp --flood- 많은 양의 ICMP 패킷 전송ubuntu
$ snort -A console -q -u snort -g snort -c /etc/snort/snort.confNum 2
ubuntu
$ alert icmp any any -> ubuntu_ip any (msg: "Ping of Death"; threshold: type limit, track by_src, count 10, seconds 2, dsize:>5000; sid:1000001;)- dsize:>5000 : 패킷의 크기가 5,000byte 초과하는 경우 탐지