Snort mailing list archives

Re: TTL Evasion and Snort/Stream5


From: snort user <snort.user () gmail com>
Date: Tue, 5 Jan 2010 14:37:19 -0500

Thanks for all the responses.
I had seen that config option, however, browsing the code I did not
see any use of this variable.

Thanks

On Tue, Jan 5, 2010 at 1:28 PM, Matt Watchinski
<mwatchinski () sourcefire com> wrote:
README.stream5

    min_ttl <number>        - Minimum Time To Live.  The default is "1", the
                              minimum is "1" and the maximum is "255".

can also be set in target policies per host if known.

Cheers,
-matt

On Tue, Jan 5, 2010 at 12:53 PM, snort user <snort.user () gmail com> wrote:

Happy New Year to all!

Does snort/stream5 do any analysis to detect TTL based evasions?
I was going through snort 2.8.x and did not find any.
Please advise.

Thanks


------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and
easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel



--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/



