ubuntu
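# Snort 2.x rule, not a shell command: place it in a rules file that
# /etc/snort/snort.conf includes (for example local.rules), then start Snort.
# ubuntu_ip is a placeholder; use the monitored host's address or a variable
# such as $HOME_NET.
# flags: S matches segments that carry only the SYN flag.
# The threshold arguments form one comma-separated option. A ';' after
# "type threshold" ends the option early and the rule fails to parse.
# "type threshold" alerts on every 5th matching SYN per destination within 10 s,
# so a sustained flood yields a continuous alert stream; "type both" alerts once
# per window instead. 5 SYNs in 10 s is a lab value: ordinary connection bursts
# to a busy service exceed it, so raise the count before using this outside a test.
# In-rule threshold is deprecated in later 2.x releases in favour of
# detection_filter (in the rule) or a standalone event_filter.
alert tcp any any -> ubuntu_ip any (msg: "Detect DDos SYN Flooding"; flags: S; threshold: type threshold, track by_dst, count 5, seconds 10; sid:1000001; rev:1;)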
kali
# Lab traffic generator used to exercise the rule on the ubuntu host.
# -S sets the SYN flag, -p 22 is the destination port, --flood sends packets
# as fast as possible without displaying replies.
# The rule matches any destination port and tracks by destination, so the alert
# depends only on the SYN rate reaching ubuntu_ip, not on port 22.
$ hping3 ubuntu_ip -p 22 -S --flood
ubuntu
# Start Snort before generating the test traffic so the alerts show on this console.
# -A console prints alerts to the terminal, -q suppresses banner and status output,
# -u / -g switch Snort to user and group "snort" after initialisation,
# -c selects the configuration file (which must include the file holding the rule).
# No -i is given, so Snort chooses the capture interface itself; pass -i <iface>
# when the host has more than one.
# `snort -T -c /etc/snort/snort.conf` validates the configuration and rules first.
$ snort -A console -q -u snort -g snort -c /etc/snort/snort.conf