Snort mailing list archives
Re: Matching overlapping TCP data segments with differing data
From: Yun Zheng Hu via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 25 Sep 2019 15:56:53 +0200
Hi,

I made some patches for Snort to support this in the past. You can find the original patches and other reference material here:

https://github.com/fox-it/quantuminsert

Regards,
Yun
On 25 Sep 2019, at 14:30, Peter Maynard via Snort-sigs <snort-sigs () lists snort org> wrote:

Hello,

I'm looking to create a signature that is able to match on overlapping TCP data segments that have different data. The reason being for detecting man-on-the-side attacks [1]. This has been implemented within suricata [2] and I was wondering if this were possible within SNORT?

Kind Regards,
Pete

[1] https://en.wikipedia.org/wiki/Man-on-the-side_attack
[2] https://github.com/OISF/suricata/commit/6f76ac176d70d85fa2a5719dacdc8fef0ef074dc

--
Pete Maynard
Center for Secure Information Technologies
Queen's University Belfast
GPG: 0xABB8D69D

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
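The check asked about in this thread, as an added illustration that is not part of either message and is not the Snort patches or the Suricata commit linked above: a stand-alone Python function that flags a TCP segment whose bytes overlap an already-seen sequence range but differ from the first copy. The names `find_conflicting_overlaps` and `Conflict` and the sample segments are constructed for this example.

```python
from typing import Dict, List, NamedTuple, Tuple

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class Conflict(NamedTuple):
    segment_index: int   # position of the offending segment in arrival order
    seq: int             # absolute sequence number of the first differing byte
    mismatched: int      # number of re-sent bytes that differ from the first copy


def find_conflicting_overlaps(isn: int, segments: List[Tuple[int, bytes]]) -> List[Conflict]:
    """Check (seq, payload) pairs from ONE direction of ONE flow, in arrival order.

    Assumes the flow carries less than 4 GiB, so offsets relative to the
    initial sequence number (isn) are unambiguous.
    """
    seen: Dict[int, int] = {}   # relative offset -> byte value of the first copy seen
    conflicts: List[Conflict] = []
    for index, (seq, payload) in enumerate(segments):
        base = (seq - isn) % SEQ_MOD   # relative offset, correct across seq wraparound
        # setdefault stores new bytes and returns the earlier copy for overlapping ones
        mismatched = [base + i for i, b in enumerate(payload)
                      if seen.setdefault(base + i, b) != b]
        if mismatched:
            first_seq = (isn + mismatched[0]) % SEQ_MOD
            conflicts.append(Conflict(index, first_seq, len(mismatched)))
    return conflicts


# Constructed sample flow (not captured traffic); the ISN is chosen so the data wraps past 2**32.
ISN = 0xFFFFFFF0
SAMPLE = [
    (0xFFFFFFF1, b"HTTP/1.1 302 Found\r\n"),   # first copy of bytes 1..20
    (0xFFFFFFF1, b"HTTP/1.1 302 Found\r\n"),   # plain retransmission: identical, not flagged
    (0x00000000, b"und\r\nLocation: /\r\n"),   # partial overlap after the wrap, same bytes
    (0xFFFFFFF1, b"HTTP/1.1 200 OK\r\n\r\n"),  # same range, different bytes: flagged
]

if __name__ == "__main__":
    for c in find_conflicting_overlaps(ISN, SAMPLE):
        print(f"segment {c.segment_index}: {c.mismatched} differing bytes from seq {c.seq:#010x}")
```

Identical retransmissions and same-byte partial overlaps pass silently; only a re-sent range whose content changed produces a `Conflict`, which is the condition a differing-overlap signature needs to alert on.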