Re: [Snort-devel] 1.8.4-beta1 feedback?

[Jeff Nathan <jeff () wwti com>]

"Smith, Donald" wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeff I believe the static data your referring to is hardcoded data
> because that is what it takes to kill synscan1.5 or 1.6.
> A packet from www.microsoft.de on port 80 to port 31337 on the
> scanning machine.
> I realize this is a little specialized but it would affect a large
> number of scanners.
> Since a large part of the scanning being
> done on the net is still using synscan1.5/1.6 code
> I had hoped to get this patch accepted soon.
>
> I did send you two versions. Just to be sure you have the correct
> version I am including
> the latest version. It is for 1.8.3 not 1.8.4. and precaches the
> tcpsyn packet.
>
> Donald.Smith () qwest com GCIA
> QIS/WWN Security
> 303-226-9939 Office
> 720-320-1537 cell

Aha!

a bit of confusion on my part.  I'll see what I can to as far as
integrating this sort of functionality into the CVS code.

It appears as though www.microsoft.de is a single IP address, so there
are some optimizations to be made.

-Jeff

-- 
http://jeff.wwti.com            (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users