Re: Range values for TTL

["Tan Chee Leong" <tcleong () cyberway com sg>]

Hey thanks Fyodor.  More than what I expected :)

Hi Max, thks for the pointer.  I'm sure there are more ways than just TTL to
do OS finger printing.  My rules will grow as I learn.  Thks.

----- Original Message -----
From: "Fyodor" <fygrave () tigerteam net>
To: "Tan Chee Leong" <tcleong () cyberway com sg>
Cc: <snort-users () lists sourceforge net>
Sent: Monday, May 07, 2001 3:56 AM
Subject: Re: [Snort-users] Range values for TTL


> On Mon, May 07, 2001 at 01:08:56AM +0800, Tan Chee Leong wrote:
> > Hi,
> >
> > A question about rule-making.  It doesn't seem possible to set a range
of
> > TTL values to check.  Did I miss out something?  If it is really not
> > possible, can it be considered in the next version?  This may be very
> > helpful in identifying the platform of the intruder.
> >
> > Pardon me if I have been ignorant in the first place.
>
>
> We had 'ttl: < 5;' and 'ttl: > 6' support before. I just
> added support for : 'ttl: 5-10' (or even 'ttl: - 5;' or
> 'ttl: 5 -;' which is equal to '0-5' and '5-255' range), let
> me know if that's enough for your needs.. :-)
>
> You will need to cvsup current cvs tree. (or wait a day and
> fetch http://snort.sourceforge.net/snort-daily.tar.gz :))
>
> cheers
> -Fyodor


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users