Re: [Snort-sigs] Simple Question!!

Well ..
I this wasnt exactly the way of reply i was expecting from Any one on these lists I didnt do anything wrong by asking a question .. by the way i am a developer too..i'm not playing. And I am developing an IDS and need some explanation of Signature of attacks you could just kindly gave me a link where i can find an answer instead this long message.  

SAM_IDS   Nigel Houghton <nigel@sourcefire.com> wrote: The questions you are asking are all answered in the copious Snort documentation. This list is for the discussion of Snort signature development and other issues concerning rules. Please refer to the documentation first before asking a question, and when you do ask a question, please ask on the correct list, snort-users is a good place to seek help for many things.

Finally, please do not cross-post to multiple lists.

On 0, SAM IDS allegedly wrote:
> hello ,
> In the
> Signature : alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS IGMP dos attack"; content:"|02 00|"; depth: 2; ip_proto: 2; fragbits: M+; reference:cve,CVE-1999-0918; classtype:attempted-dos; sid:272; rev:2;)
>
> Whats meant by:
> 1.depth: 2
> 2.fragbits: M+

--
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.

---------------------------------
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.
http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs