Snort mailing list archives
Re: same SRC/DST
From: "James" <the_saint_james () yahoo com>
Date: Tue, 25 Dec 2001 10:34:28 -0700
Thanks! The gateway is running an IOS that is fixed for this. I reconfigured, next time this happens I will get a MAC address.

"Ask the plants of the earth and they will teach you." Job 12:8

----- Original Message -----
From: "Kyle R Maxwell" <kylemaxwell () yahoo com>
To: "James" <the_saint_james () yahoo com>; <snort-users () lists sourceforge net>
Sent: Tuesday, December 25, 2001 8:57 AM
Subject: Re: [Snort-users] same SRC/DST

Looks like a Land attack (Google for land.c). You probably want to watch for the whole packet to get the MAC addresses and make sure that such an attack is not being launched from one of your (possibly compromised) machines.
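An added example (not part of the original thread) of the check suggested above: inspect the whole captured frame, flag identical source and destination IP addresses, and record the source MAC. The function names and the sample frames (documentation IP addresses, locally administered MACs) are constructed for illustration.

```python
import socket
import struct

def check_frame(frame: bytes):
    """Return a finding dict if an Ethernet II/IPv4 frame has the same source
    and destination IP address, otherwise None."""
    if len(frame) < 14 + 20:
        return None                      # too short for Ethernet + IPv4 header
    _dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        return None                      # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None                      # malformed header
    if ip[12:16] != ip[16:20]:
        return None                      # source and destination differ
    finding = {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "ip": socket.inet_ntoa(ip[12:16]),
        "proto": ip[9],
        "same_port": False,
    }
    # Ports exist only for TCP/UDP and only in the first fragment.
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[9] in (6, 17) and frag_offset == 0 and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        finding["same_port"] = sport == dport
    return finding

def sample_frame(src_mac, src_ip, dst_ip, sport, dport):
    """Constructed test data, built in memory only: Ethernet II + IPv4 + TCP
    header with checksums left at zero."""
    eth = bytes.fromhex("020000000099" + src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 0x50, 0x02, 512, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    frames = [
        sample_frame("02:00:00:00:00:01", "192.0.2.10", "192.0.2.10", 139, 139),
        sample_frame("02:00:00:00:00:02", "192.0.2.20", "192.0.2.10", 40000, 80),
    ]
    for f in frames:
        print(check_frame(f))
```

The source MAC identifies only the last layer-2 sender on the monitored segment; for a packet forwarded by a router it is the router's interface, not the originating host.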