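# Local Snort rules for traffic destined to $HOME_NET.
# One rule per line: a '#' comments out the rest of its line, so a disabled rule
# must never share a line with an active one.
# Every rule needs its own sid; local rules use sids of 1000000 and above.

# Any ICMP packet addressed to the protected network.
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000002; rev:1; classtype:icmp-event;)

# These two rules have no flags/flow constraint, so they fire on every TCP packet
# sent to the port, not only on the opening SYN. Expect high alert volume.
# Both share one msg; the sid is the only way to tell the ports apart in the alert log.
alert tcp any any -> $HOME_NET 80 (msg:"Web connection attempt"; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET 9090 (msg:"Web connection attempt"; sid:1000004; rev:1;)

# NOTE(review): port 1100 is presumably where this site runs SSH (the standard port is 22) - confirm.
alert tcp any any -> $HOME_NET 1100 (msg:"SSH connection attempt"; sid:1000005; rev:1;)

# Disabled rules, kept as written.
# NOTE(review): the port-scan rule reuses sid 1000005, which belongs to the active
# SSH rule above; give it an unused sid before enabling it.
#alert tcp any any -> $HOME_NET any (msg:"TCP Port Scanning"; sid:1000005; rev:2; detection_filter:track by_dst, count 10, seconds 1;)
# NOTE(review): the last option (rev:1) lacks its terminating ';'.
#alert udp any any -> $HOME_NET any (msg:"Testing UDP alert "; sid:1000006; rev:1)
# NOTE(review): the next two are alternatives sharing sid 1000007; enable at most one.
#alert tcp any any -> $HOME_NET any (msg:"Testing TCP alert "; sid:1000007; detection_filter:track by_dst, count 10, seconds 5;)
#alert tcp any any -> $HOME_NET any (msg:"Testing TCP alert "; sid:1000007; rev:1;)

# SYN-flood heuristics: SYN-only packets, evaluated without stream state.
# detection_filter alerts only on packets after the first 20 matches toward one
# destination address within 10 seconds.
# Both rules previously used sid:3, which was duplicated and lies in the range
# reserved for Snort itself. They now use the next unused local sids and carry a rev.
# Update any threshold/suppress entries or downstream tooling that referenced sid 3.
# 20 SYNs in 10 seconds is reachable by ordinary web traffic; tune the count to the
# site's baseline before relying on this alert.
alert tcp any any -> $HOME_NET 80 (flags: S; msg:"Possible DDoS Attack Type : SYN flood"; flow:stateless; sid:1000008; rev:1; detection_filter:track by_dst, count 20, seconds 10;)
alert tcp any any -> $HOME_NET 9090 (flags: S; msg:"Possible DDoS Attack Type : SYN flood"; flow:stateless; sid:1000009; rev:1; detection_filter:track by_dst, count 20, seconds 10;)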