Snort mailing list archives
Re: Snort Log Despoofer
From: Chris Green <cmg () sourcefire com>
Date: Thu, 16 May 2002 07:40:15 -0400
Glenn Larsson <ichinin () swipnet se> writes:
Hi Scot. Do note; It's beta, i've only tried it in my Home network so even i can't tell with 100% accuracy how it will behave, even though it just read the Alert file and send ICMP_Echo to the hosts; Hence the warning - Do not use the program in a production environment. Anyways, i've been thinking about releasing the sourcecode, if i decide to release it it'll probably be on My page or Sourceforge. It won't happen today though - maby Saturday/Sunday.
Just as a note, ATTACK RESPONSES is designed to show whats coming from your network and so measuring the internal TTL is showing how your routes have changed. Comparing TTL after the fact and a differences could ( would likely ) mean routing changes. TCP rules are nearly impossible to spoof when using the stateful inspection stream4 capabilities in conjunction with config stateful in your config file. Cheers, Chris -- Chris Green <cmg () sourcefire com> "Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Log Despoofer Glenn Larsson (May 15)
- Re: Snort Log Despoofer ScotScot (May 15)
- Re: Snort Log Despoofer Glenn Larsson (May 16)
- Re: Snort Log Despoofer Chris Green (May 16)
- Re: Snort Log Despoofer Glenn Larsson (May 16)
- Re: Snort Log Despoofer ScotScot (May 15)