Snort mailing list archives

IPID field filtering


From: "Mcintosh, Fraser" <40121324 () live napier ac uk>
Date: Thu, 25 Feb 2016 12:56:11 +0000

Good afternoon!


I am a computer security student currently undertaking an Honours project on covert channels and steganography. I tried 
to use Snort to raise an alert if it finds ASCII characters in the IPID field of frames. However, I keep getting an 
error message saying that the value has to be a number when filtering the IPID field. After trying to find a reason as 
to why Snort doesn't allow this I found nothing. Therefore I would be very grateful if someone could offer an 
explanation as to why Snort does not support filtering against strings for the IPID field.


Many thanks, Fraser McIntosh.
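
The check described in the message above, as an added example that is not part of the original post and is not Snort code: it reads the 16-bit IPID from raw IPv4 headers and reports a source only after several consecutive packets carry two printable ASCII bytes there. The function names, the run threshold of 4 and the sample packets (documentation-range addresses) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def build_ipv4(src, ipid):
    """Constructed sample data: a bare 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ipid, 0, 64, 6, 0,
                       bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))

def parse_ipid(packet):
    """Return (source address, IPID) for a raw IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ipid = struct.unpack_from("!H", packet, 4)[0]   # identification field, bytes 4-5
    src = ".".join(str(b) for b in packet[12:16])   # source address, bytes 12-15
    return src, ipid

def is_printable_pair(ipid):
    """True when both bytes of the IPID fall in printable ASCII (0x20-0x7E)."""
    return all(0x20 <= b <= 0x7E for b in (ipid >> 8, ipid & 0xFF))

def find_ascii_ipid_runs(packets, min_run=4):
    """Map each source to the text decoded from a run of >= min_run printable IPIDs.

    Roughly 14% of all 16-bit values are printable pairs (95*95 of 65536), so a
    single match is weak evidence; a consecutive run per source is the signal.
    """
    runs, alerts = defaultdict(list), {}
    for pkt in packets:
        parsed = parse_ipid(pkt)
        if parsed is None:
            continue
        src, ipid = parsed
        if not is_printable_pair(ipid):
            runs[src].clear()                       # run broken, start over
            continue
        runs[src].append(ipid)
        if len(runs[src]) >= min_run:
            raw = b"".join(struct.pack("!H", i) for i in runs[src])
            alerts[src] = raw.decode("ascii")
    return alerts

# Constructed traffic: one source with text in the IPID, one with ordinary values.
SAMPLE_PACKETS = [
    build_ipv4("198.51.100.7", 0x636F), build_ipv4("203.0.113.9", 0x0001),
    build_ipv4("198.51.100.7", 0x7665), build_ipv4("203.0.113.9", 0x4142),
    build_ipv4("198.51.100.7", 0x7274), build_ipv4("203.0.113.9", 0x0003),
    build_ipv4("198.51.100.7", 0x2121),
]

if __name__ == "__main__":
    print(find_ascii_ipid_runs(SAMPLE_PACKETS))
```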
