Snort mailing list archives

Re: snort sees no fragmented attack

From: Andreas Östling <andreaso () it su se>
Date: Fri, 9 Aug 2002 16:09:21 +0200 (CEST)


On Fri, 9 Aug 2002 Holger.Woehle () arcor net wrote:

echo "GET /aaaaaaa/aaa/aaaaa/aaaaaaaa/aaaaaaa/bcc/bin/ps" | nc


I think this should work since you seem to have frag2 loaded...
(perhaps a very old version?)

I tried 1.9beta2 on 100 mtu ethernet and snort had no trouble with
that packet/rule (alert was generated).

/Andreas



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort sees no fragmented attack Holger . Woehle (Aug 09)
- Re: snort sees no fragmented attack Chris Green (Aug 09)
- Re: snort sees no fragmented attack Andreas Östling (Aug 09)
  - Re: snort sees no fragmented attack Matt Kettler (Aug 09)
- Autoblock on Linux Lionel Fairon (Aug 09)
- <Possible follow-ups>
- snort sees no fragmented attack Holger . Woehle (Aug 09)
- Re: snort sees no fragmented attack Holger . Woehle (Aug 12)
  - Re: Re: snort sees no fragmented attack Chris Green (Aug 12)
- Re: snort sees no fragmented attack Holger . Woehle (Aug 12)