|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: [Snort-devel] Simple TTL of 1 rules do not alert
From: Andrew R. Baker <andrewb(at)snort.org>
Date: Fri Feb 21 2003 - 21:16:05 EST
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Fri Feb 21 21:21:49 2003
Date: Fri Feb 21 2003 - 21:16:05 EST
Zultan wrote:
> Just tried and tested it - no joy.
I just tested with the following rule and it works fine.
alert tcp any any -> any any (msg: "TCP traceroute, TTL=1"; ttl: 1;)
I checked 1.8.7beta5 (Build 125), 2.0.0beta (Build 47), and 1.9.0 (Build 230). What other features do you have enabled? I used "snort -c ./test.conf -A console" for my testing.
-A
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Fri Feb 21 21:21:49 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:03 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |