
Re: [Snort-users] snort, nessus and teardrop

From: Erek Adams <erek(at)snort.org>
Date: Fri Feb 28 2003 - 08:26:00 EST

On Fri, 28 Feb 2003, Svein Erik Søberg wrote:

> I have used Nessus to send a Teardrop attack. The resulting packets look

The way you describe it: It seems you ran Nessus, executed that attack, used tcpdump to record it, then replayed it thru Snort. If so, what snaplen was used with tcpdump? It defaults to 68.... Sometimes (most of the time) that's not enough to capture the data needed to trigger rules.

Cheers!



Erek Adams

   "When things get weird, the weird turn pro." H.S. Thompson


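A check for the truncation described in the reply above, as an added example that is not part of the original message: it reads a classic libpcap file and lists the records whose captured length is shorter than their on-the-wire length. The function names and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap magic numbers as they appear on disk (microsecond and nanosecond variants).
LITTLE = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")
BIG = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")


def truncated_records(pcap: bytes):
    """Return (snaplen, [(index, captured_len, wire_len), ...]) for cut-off records."""
    if len(pcap) < 24:
        raise ValueError("too short for a pcap global header")
    if pcap[:4] in LITTLE:
        endian = "<"
    elif pcap[:4] in BIG:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
    snaplen = struct.unpack_from(endian + "IHHiIII", pcap, 0)[5]
    cut, offset, index = [], 24, 0
    while offset + 16 <= len(pcap):
        # Record header: ts_sec, ts_frac, bytes saved in file, bytes seen on the wire.
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap, offset)
        if incl_len < orig_len:
            cut.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    return snaplen, cut


def sample_capture() -> bytes:
    """Constructed sample: snaplen 68, Ethernet linktype, zero-filled packet bytes."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, 1)
    small = struct.pack("<IIII", 0, 0, 60, 60) + bytes(60)    # fits inside the snaplen
    large = struct.pack("<IIII", 0, 1, 68, 1500) + bytes(68)  # cut off at 68 bytes
    return header + small + large


if __name__ == "__main__":
    snaplen, cut = truncated_records(sample_capture())
    print(f"snaplen={snaplen}, truncated records: {len(cut)}")
    for index, captured, wire in cut:
        print(f"  record {index}: {captured} of {wire} bytes captured")
```

Any record listed here reached Snort without its full payload, so a content rule replayed against that file had nothing to match on past the captured bytes.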

Received on Fri Feb 28 08:30:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:56 EDT

