Snort mailing list archives
Re: [PATCH]: RFC3514 Support for simplifying the task of detecting Evil.
From: Steve Sturges <steve.sturges () sourcefire com>
Date: Sun, 1 Apr 2012 09:51:38 -0400
Thanks, Josh! We'll get this added in conjunction with the support for decoding traffic on avian carrier networks as specified in RFC 1149.

Cheers.
-steve

On Sun, Apr 1, 2012 at 5:17 AM, Joshua Kinard <kumba () gentoo org> wrote:
Hi snort-devel,

The attached patch introduces RFC3514 support (The Security Flag in the IPv4 Header) into Snort. Also known as the "Evil Bit", support of this flag greatly simplifies the task of detecting network traffic with evil intentions. Entire rulesets can be replaced by one, single rule:

alert ip any any <> any any (msg:"Evil Network Traffic Detected!"; fragbits:E; sid:42003514; rev:1; gid:1; classtype:bad-unknown;)

More information on this oft-overlooked RFC can be found here:
http://www.ietf.org/rfc/rfc3514.txt

Cheers! :)

--
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us. And our lives slip away, moment by moment, lost in that vast, terrible in-between."
--Emperor Turhan, Centauri Republic

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
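The bit the proposed `fragbits:E` rule would test is the high-order (reserved) bit of the 16-bit flags/fragment-offset word in the IPv4 header, the same bit Snort's existing `fragbits:R` flag matches. The following is an added example, not part of the thread or the attached patch, that decodes that word from raw header bytes. The function names and the sample headers are constructed for illustration.

```python
import struct

EVIL = 0x8000         # RFC 3514: reserved high-order bit of the flags/offset word
DF = 0x4000           # Don't Fragment
MF = 0x2000           # More Fragments
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, counted in 8-byte units


def parse_frag_word(header: bytes) -> dict:
    """Decode flags and fragment offset from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5 or len(header) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    (word,) = struct.unpack_from("!H", header, 6)  # bytes 6-7, network order
    return {
        "evil": bool(word & EVIL),
        "df": bool(word & DF),
        "mf": bool(word & MF),
        "offset": (word & OFFSET_MASK) * 8,
    }


def build_header(frag_word: int) -> bytes:
    """Constructed sample: minimal 20-byte header, checksum left at zero."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0x1234, frag_word, 64, 6, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),  # documentation ranges
    )


def flagged(headers) -> list:
    """Indexes of headers with the reserved bit set; malformed ones are skipped."""
    hits = []
    for i, raw in enumerate(headers):
        try:
            if parse_frag_word(raw)["evil"]:
                hits.append(i)
        except ValueError:
            continue
    return hits


if __name__ == "__main__":
    samples = [build_header(0x4000), build_header(0x8000),
               build_header(0xA005), b"\x45\x00"]
    print(flagged(samples))
```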
Current thread:
- [PATCH]: RFC3514 Support for simplifying the task of detecting Evil. Joshua Kinard (Apr 01)
- Re: [PATCH]: RFC3514 Support for simplifying the task of detecting Evil. Steve Sturges (Apr 01)
- Re: [PATCH]: RFC3514 Support for simplifying the task of detecting Evil. Joshua Kinard (Apr 01)
- Re: [PATCH]: RFC3514 Support for simplifying the task of detecting Evil. Steve Sturges (Apr 01)