Snort mailing list archives
Re: [Snort-devel] 1.8.4-beta1 feedback?
From: Jeff Nathan <jeff () wwti com>
Date: Tue, 05 Feb 2002 15:47:23 -0800
"Smith, Donald" wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff I believe the static data your referring to is hardcoded data because that is what it takes to kill synscan1.5 or 1.6. A packet from www.microsoft.de on port 80 to port 31337 on the scanning machine. I realize this is a little specialized but it would affect a large number of scanners. Since a large part of the scanning being done on the net is still using synscan1.5/1.6 code I had hoped to get this patch accepted soon. I did send you two versions. Just to be sure you have the correct version I am including the latest version. It is for 1.8.3 not 1.8.4. and precaches the tcpsyn packet. Donald.Smith () qwest com GCIA QIS/WWN Security 303-226-9939 Office 720-320-1537 cell
Aha! a bit of confusion on my part. I'll see what I can to as far as integrating this sort of functionality into the CVS code. It appears as though www.microsoft.de is a single IP address, so there are some optimizations to be made. -Jeff -- http://jeff.wwti.com (pgp key available) "Common sense is the collection of prejudices acquired by age eighteen." - Albert Einstein _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Re: [Snort-devel] 1.8.4-beta1 feedback? Justin Ferguson (Feb 01)
- <Possible follow-ups>
- RE: [Snort-devel] 1.8.4-beta1 feedback? Smith, Donald (Feb 04)
- Re: [Snort-devel] 1.8.4-beta1 feedback? Jeff Nathan (Feb 05)
- RE: [Snort-devel] 1.8.4-beta1 feedback? Smith, Donald (Feb 05)
- Re: [Snort-devel] 1.8.4-beta1 feedback? Jeff Nathan (Feb 05)