Snort mailing list archives
Re: TTL Evasion and Snort/Stream5
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Tue, 5 Jan 2010 15:40:50 -0500
Apologies, the correct option is the overall option of "config min_ttl" and not the stream5 specific one.

Cheers,
-matt

On Tue, Jan 5, 2010 at 1:28 PM, Matt Watchinski <mwatchinski () sourcefire com> wrote:

> README.stream5
>
> min_ttl <number> - Minimum Time To Live. The default is "1", the minimum is "1" and the maximum is "255".
>
> Can also be set in target policies per host if known.
>
> Cheers,
> -matt
>
> On Tue, Jan 5, 2010 at 12:53 PM, snort user <snort.user () gmail com> wrote:
>
>> Happy New Year to all!
>>
>> Does snort/stream5 do any analysis to detect TTL based evasions? I was going through snort 2.8.x and did not find any. Please advise.
>>
>> Thanks
--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
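
An added example (not from the thread or the Snort project): a small Python audit that lists where min_ttl is set in a snort.conf and flags values outside the 1-255 range quoted above, or a file that sets it only on a preprocessor rather than through the overall "config min_ttl" option. It assumes Snort 2.x syntax (`config min_ttl: <n>` and comma-separated `preprocessor` options) and that the quoted range applies to every scope; the function names and the sample config are constructed for illustration.

```python
import re

TTL_MIN, TTL_MAX = 1, 255  # range quoted from README.stream5 in the thread

def logical_lines(text):
    """Drop comments and blanks; join backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit_min_ttl(conf_text):
    """Return (settings, findings) for every min_ttl found in conf_text."""
    settings, findings = {}, []
    for line in logical_lines(conf_text):
        # Overall option named in the thread's correction.
        m = re.match(r"config\s+min_ttl\s*:\s*(\S+)", line)
        if m:
            settings["config"] = m.group(1)
            continue
        # Per-preprocessor option (e.g. stream5_tcp), keyed by preprocessor name.
        m = re.match(r"preprocessor\s+(\w+)\s*:(.*)", line)
        opt = m and re.search(r"\bmin_ttl\s+([^,\s]+)", m.group(2))
        if opt:
            settings[m.group(1)] = opt.group(1)
    for scope, raw in settings.items():
        if not (raw.isdigit() and TTL_MIN <= int(raw) <= TTL_MAX):
            findings.append(f"{scope}: min_ttl {raw} outside {TTL_MIN}-{TTL_MAX}")
    if settings and "config" not in settings:
        findings.append("min_ttl set only per preprocessor; no 'config min_ttl' line")
    return settings, findings

# Constructed sample snort.conf fragment (not from the thread).
SAMPLE = """\
preprocessor stream5_global: track_tcp yes
preprocessor stream5_tcp: policy first, \\
    min_ttl 300, timeout 180
"""

if __name__ == "__main__":
    found, problems = audit_min_ttl(SAMPLE)
    print(found)
    for p in problems:
        print("FINDING:", p)
```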