Re: tcp resets on stealth interface

[Edin Dizdarevic <Edin.Dizdarevic () interActive-Systems de>]

Hi,

I think that should work since libnet is working besides the kernel,
just like libpcap. AFAIK libpcap and libnet actually use the same
mechanisms provided by the system (LSF/BPF respectively), however two
different system libraries have been developped for those two tasks.

Anyone mit steadier knowledge on this present? :-|

It would also be interessting to see, which MAC is being used
then. For the remote "attacker" this may be irrelevant but if you
for instance somewhere filter on MACs a possible pitfall.

Would you please be so kind and report your results. 8)

Thanks and best regards,
Edin

agnelo d wrote:

> Hello, I've setup the snort IDS with flexresp enabled. I would like
> to know if it is possible to send out tcp resets on the stealth
> interface. (interface with no IP address)
>
>
>
> Agnelo





-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users