Snort mailing list archives

Re: Matching overlapping TCP data segments with differing data


From: Peter Maynard via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 25 Sep 2019 14:43:56 +0000

Hi Yun, 

That's great. Do you know if these patches have been merged into SNORT
or Bro? I was just playing around with snort 2.9.13-1, and couldn't get
it to trigger.

Thanks,
Pete

On Wed, 2019-09-25 at 15:56 +0200, Yun Zheng Hu wrote:
Hi,

I made some patches for Snort to support this in the past.

You can find the original patches and other reference material here:

https://github.com/fox-it/quantuminsert

Regards,
Yun

On 25 Sep 2019, at 14:30, Peter Maynard via Snort-sigs <
snort-sigs () lists snort org> wrote:

Hello,

I'm looking to create a signature that is able to match on overlapping
TCP data segments that have different data.

The reason being for detecting man-on-the-side attacks [1]. This has
been implemented within suricata [2] and was wondering if this were
possible within SNORT?

Kind Regards, 
Pete

[1] https://en.wikipedia.org/wiki/Man-on-the-side_attack
[2] https://github.com/OISF/suricata/commit/6f76ac176d70d85fa2a5719dacdc8fef0ef074dc


-- 
Pete Maynard 
Center for Secure Information Technologies
Queen's University Belfast
GPG: 0xABB8D69D
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: 
https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset,
make sure to stay up to date to catch the most emerging threats:
https://snort.org/downloads/#rule-downloads
-- 
Pete Maynard
Centre for Secure Information Technologies
0x248FC016ABB8D69D 
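
The check asked about in this thread, comparing the bytes of overlapping TCP segments on the same flow and flagging a mismatch, sketched in Python as an added example. It is not code from Snort, Suricata or the fox-it patches; the function names, flow tuples and payloads are constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 2**32  # TCP sequence numbers wrap at 32 bits

def check_segment(seen, seq, payload):
    """Record one segment against the bytes already seen on its flow.

    Returns (first_conflicting_seq, differing_byte_count), or None when the
    segment is new data or an identical retransmission.
    """
    first, differing = None, 0
    for i, new in enumerate(payload):
        s = (seq + i) % SEQ_MOD
        old = seen.setdefault(s, new)  # first copy seen stays the reference
        if old != new:
            differing += 1
            if first is None:
                first = s
    return (first, differing) if differing else None

def scan(segments):
    """Run check_segment over (flow_key, seq, payload) tuples, one direction per key."""
    flows = defaultdict(dict)  # unbounded here; a sensor would age out acked bytes
    alerts = []
    for flow_key, seq, payload in segments:
        hit = check_segment(flows[flow_key], seq, payload)
        if hit:
            alerts.append((flow_key, hit[0], hit[1]))
    return alerts

# Constructed sample traffic (documentation addresses), server-to-client direction.
FLOW_A = ("192.0.2.10", 80, "198.51.100.7", 51000)
FLOW_B = ("192.0.2.10", 80, "198.51.100.7", 51001)
SAMPLE = [
    (FLOW_A, 1000, b"HTTP/1.1 200 OK\r\n"),     # original data, seq 1000-1016
    (FLOW_A, 1000, b"HTTP/1.1 200 OK\r\n"),     # identical retransmission
    (FLOW_A, 1010, b"00 OK\r\n"),               # partial overlap, same bytes
    (FLOW_A, 1000, b"HTTP/1.1 302 Found\r\n"),  # same range, different bytes
    (FLOW_B, 0xFFFFFFFE, b"abcd"),              # spans the sequence wrap
    (FLOW_B, 0, b"cX"),                         # overlaps after the wrap, 1 byte differs
]

if __name__ == "__main__":
    for flow, seq, count in scan(SAMPLE):
        print(f"overlap with differing data: flow={flow} seq={seq} bytes={count}")
```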