Hosting Provided By

Re: [Snort-devel] extend rules options to check tcp win size

From: Chris Green <cmg(at)sourcefire.com>
Date: Thu Jun 26 2003 - 08:17:48 EDT

m.stiefenhofer@ecofis.de writes:

alert tcp $HOME_NET any -> $EXTERNAL_NET \ (msg: "OUTGOING possibly infected host"; window: 55808;)
>
> I'm no developer but I guess the best place for this is snort.c ?!

close. you could add it to snort.conf :)

-- 
Chris Green 
A watched process never cores.


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting 
http://www.inetu.net/partner/index.php
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Thu Jun 26 08:42:43 2003

This message: [ Message body ]
Next message: m.stiefenhofer(at)ecofis.de: "Re: Re: [Snort-devel] extend rules options to check tcp win size"
Previous message: Roy S. Rapoport: "Re: [Snort-devel] New feature wanted: Rule matching stats"
In reply to m.stiefenhofer(at)ecofis.de: "Re: Re: [Snort-devel] extend rules options to check tcp win size"
Next in thread: m.stiefenhofer(at)ecofis.de: "Re: Re: [Snort-devel] extend rules options to check tcp win size"
Reply: m.stiefenhofer(at)ecofis.de: "Re: Re: [Snort-devel] extend rules options to check tcp win size"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT