Snort mailing list archives

Re: Rule for Cisco IOS Interface Blocked by IPv4 Packet Vulnerability

From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 18 Jul 2003 12:35:32 +1200

On Thu, Jul 17, 2003 at 05:34:53PM -0700, Matt Ploessel wrote:

alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"Cisco IPv4 DoS";
classtype:attempted-dos; ip_proto 17;)


That should be a 77. If it were "17" - we really would have something to
worry about :-)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Rule for Cisco IOS Interface Blocked by IPv4 Packet Vulnerability Matt Ploessel (Jul 17)
- Re: Rule for Cisco IOS Interface Blocked by IPv4 Packet Vulnerability Pawel Rogocz (Jul 18)
- <Possible follow-ups>
- Rule for Cisco IOS Interface Blocked by IPv4 Packet Vulnerability Matt Ploessel (Jul 18)
  - Re: Rule for Cisco IOS Interface Blocked by IPv4 Packet Vulnerability Jason Haar (Jul 17)
- RE: Rule for Cisco IOS Interface Blocked by IPv4 Packet Vulnerability Matt Ploessel (Jul 18)