Snort mailing list archives
Re: Range values for TTL
From: Fyodor <fygrave () tigerteam net>
Date: Mon, 7 May 2001 02:56:24 +0700
On Mon, May 07, 2001 at 01:08:56AM +0800, Tan Chee Leong wrote:
> Hi, A question about rule-making. It doesn't seem possible to set a range of TTL values to check. Did I miss out something? If it is really not possible, can it be considered in the next version? This may be very helpful in identifying the platform of the intruder. Pardon me if I have been ignorant in the first place.
We had 'ttl: < 5;' and 'ttl: > 6' support before. I just added support for: 'ttl: 5-10' (or even 'ttl: - 5;' or 'ttl: 5 -;' which is equal to '0-5' and '5-255' range), let me know if that's enough for your needs.. :-)

You will need to cvsup current cvs tree. (or wait a day and fetch http://snort.sourceforge.net/snort-daily.tar.gz :))

cheers
-Fyodor
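The option forms named in the reply above, worked through as an added example (not part of the original message and not Snort's own code): a small Python parser that turns each form into TTL bounds and tests observed TTLs against them. The function names `parse_ttl` and `ttl_matches` are hypothetical, and inclusive range endpoints with strict `<` / `>` are assumptions.

```python
import re

# Forms named in the message: '< N', '> N', 'A-B', '- B' (0..B), 'A -' (A..255).
_CMP = re.compile(r"^([<>])\s*(\d+)$")
_RANGE = re.compile(r"^(\d*)\s*-\s*(\d*)$")


def parse_ttl(option):
    """Turn the argument of a 'ttl:' option into (low, high), inclusive bounds.

    Assumption (not stated in the message): range endpoints are inclusive,
    while '<' and '>' are strict comparisons.
    """
    text = option.strip().rstrip(";").strip()
    if text.lower().startswith("ttl:"):
        text = text[4:].strip()
    m = _CMP.match(text)
    if m:
        n = int(m.group(2))
        low, high = (0, n - 1) if m.group(1) == "<" else (n + 1, 255)
    elif text.isdigit():
        # Bare number: exact match (not one of the forms in the message).
        low = high = int(text)
    else:
        m = _RANGE.match(text)
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError(f"unrecognised ttl argument: {option!r}")
        low = int(m.group(1)) if m.group(1) else 0     # '- 5' means 0-5
        high = int(m.group(2)) if m.group(2) else 255  # '5 -' means 5-255
    if not (0 <= low <= high <= 255):
        raise ValueError(f"ttl bounds outside 0-255 or reversed: {option!r}")
    return low, high


def ttl_matches(option, ttl):
    """True when an observed IP TTL falls inside the option's bounds."""
    low, high = parse_ttl(option)
    return low <= ttl <= high


if __name__ == "__main__":
    # Constructed sample TTLs, not taken from any capture.
    observed = [1, 5, 10, 64, 128, 255]
    for opt in ["ttl: < 5;", "ttl: > 6", "ttl: 5-10", "ttl: - 5;", "ttl: 5 -;"]:
        print(f"{opt:12} -> {[t for t in observed if ttl_matches(opt, t)]}")
```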