Hosting Provided By

[Snort-devel] tcp window detection

From: Federico Barbieri <fede(at)betaversion.org>
Date: Wed Jun 11 2003 - 06:35:38 EDT

hi guys, I'm a newbie here so plese forgive me if the question looks stupid to you...

I found this article
http://gcn.com/vol1_no1/daily-updates/22371-1.html

and was curious of investigating the issue. I have snort 2.0.0 (Build 72) running on my gateway home. It's a beauty! But I'm having troubles trying to add a rule to detect tcp window syn packets. What would be the rule option to use?
Can anyone help me out?

thanks

fede

-- 
If we knew what it was we were doing, it would not be called research, 
would it?



-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Wed Jun 11 06:50:38 2003

This message: [ Message body ]
Next message: Nick Austin: "[Snort-devel] PATCH: Snort log in pcap format to stdout"
Previous message: Chris Green: "Re: [Snort-devel] Snort 2.0 rule type possible side effect bug"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT