
Re: [Snort-devel] tag behavior in 2.0.6+

From: Russell Fulton <r.fulton(at)auckland.ac.nz>
Date: Sat Feb 28 2004 - 21:13:22 EST

On Sun, 2004-02-29 at 05:16, Andreas Östling wrote:

> It looks like this change was intentional (by removing the reverse host

I support this request. The old behaviour allows one to capture responses to actions by a would-be intruder. Often these are enough to confirm whether or not the attack succeeded.

One supplementary question: does snort include anything in the log which links the tagged packets with the packet that caused the tagging to take place? I'm getting tagged packets turning up in ACID and I can't figure out where they are from...  

-- 
Russell Fulton                                    /~\  The ASCII
Network Security Officer                          \ /  Ribbon Campaign
The University of Auckland                         X   Against HTML
New Zealand                                       / \  Email!




Received on Sat Feb 28 21:20:46 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT

