Snort mailing list archives
Re: snort sees no fragmented attack
From: Andreas Östling <andreaso () it su se>
Date: Fri, 9 Aug 2002 16:09:21 +0200 (CEST)
On Fri, 9 Aug 2002 Holger.Woehle () arcor net wrote:
echo "GET /aaaaaaa/aaa/aaaaa/aaaaaaaa/aaaaaaa/bcc/bin/ps" | nc
I think this should work since you seem to have frag2 loaded... (perhaps a very old version?) I tried 1.9beta2 on 100 mtu ethernet and snort had no trouble with that packet/rule (alert was generated). /Andreas ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort sees no fragmented attack Holger . Woehle (Aug 09)
- Re: snort sees no fragmented attack Chris Green (Aug 09)
- Re: snort sees no fragmented attack Andreas Östling (Aug 09)
- Re: snort sees no fragmented attack Matt Kettler (Aug 09)
- Autoblock on Linux Lionel Fairon (Aug 09)
- <Possible follow-ups>
- snort sees no fragmented attack Holger . Woehle (Aug 09)
- Re: snort sees no fragmented attack Holger . Woehle (Aug 12)
- Re: Re: snort sees no fragmented attack Chris Green (Aug 12)
- Re: snort sees no fragmented attack Holger . Woehle (Aug 12)