Snort mailing list archives
Re: tcp resets on stealth interface
From: Edin Dizdarevic <Edin.Dizdarevic () interActive-Systems de>
Date: Thu, 01 Jan 2004 23:56:09 +0100
Hi, I think that should work since libnet is working besides the kernel, just like libpcap. AFAIK libpcap and libnet actually use the same mechanisms provided by the system (LSF/BPF respectively), however two different system libraries have been developped for those two tasks. Anyone mit steadier knowledge on this present? :-| It would also be interessting to see, which MAC is being used then. For the remote "attacker" this may be irrelevant but if you for instance somewhere filter on MACs a possible pitfall. Would you please be so kind and report your results. 8) Thanks and best regards, Edin agnelo d wrote:
Hello, I've setup the snort IDS with flexresp enabled. I would like to know if it is possible to send out tcp resets on the stealth interface. (interface with no IP address) Agnelo
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- tcp resets on stealth interface agnelo d (Jan 01)
- Re: tcp resets on stealth interface Edin Dizdarevic (Jan 01)