I have a problem with IPS mode when I try to demo a TCP SYN flood attack with hping3.
When I use the command:
hping3 -S -P 192.168.159.8 -i u1000
That’s Suricata’s log
But when I add option --rand-source:
hping3 -S -P 192.168.159.8 -i u1000 --rand-source
Nothing happens. The packet wasn’t even sent to Suricata.
Rule I used: drop tcp any any -> any any (msg:"TCP detection"; sid:1000001; rev:1;)
Thanks a lot