Subject: RE: [snort] PSH|ACK|RST (FW: spp_portscan.c.diff)
From: Mullen, Patrick (Patrick.Mullen GD-CS.COM)
Date: Thu Mar 16 2000 - 13:49:11 CST
> I may not be making any sense, sorry.
No, you make perfect sense, and this is a point that I (and
others) have been trying to make for a while. Well, the
point that it would be nice to keep packets around for a
while, not the point that you make (or don't make) sense. ;)
Maybe an input plugin would be nice, since there is
supposedly some mechanism for talking directly to them,
though I don't know what it is. This plugin would keep
track of packets for X seconds/minutes or Y megabytes,
and if an alert is triggered the alert may tell this
plugin to log the session which led up to the alert.
(Insert comment where Marty says, "Great guys! You two
go code it!") Anyone else want to join the party? I could
go through the archives if no one volunteers...
~Patrick
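
The buffering idea in the message above, sketched as an added example; it is not code from the original post or from Snort, and it does not use Snort's plugin interface. All names (`pkt_rec`, `backlog`, `backlog_add`, `backlog_session`) and the sample packets are hypothetical, and timestamps are assumed to be non-decreasing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 1024                    /* ring capacity in packets (assumed) */
/* Hypothetical record: capture time (s), IPv4 4-tuple, bytes charged to the cap. */
typedef struct { uint32_t ts, src, dst; uint16_t sport, dport, len; } pkt_rec;

typedef struct {
    pkt_rec  ring[SLOTS];
    size_t   head, count, bytes;      /* head indexes the oldest record */
    size_t   max_bytes;               /* the "Y megabytes" limit */
    uint32_t max_age;                 /* the "X seconds" limit */
} backlog;

/* Store a packet, first evicting old records until slot, byte and age limits hold. */
static void backlog_add(backlog *b, const pkt_rec *p) {
    while (b->count && (b->count == SLOTS || b->bytes + p->len > b->max_bytes ||
                        p->ts - b->ring[b->head].ts > b->max_age)) {
        b->bytes -= b->ring[b->head].len;
        b->head = (b->head + 1) % SLOTS; b->count--;
    }
    b->ring[(b->head + b->count++) % SLOTS] = *p;
    b->bytes += p->len;
}

static int same_session(const pkt_rec *a, const pkt_rec *b) { /* either direction */
    return (a->src == b->src && a->dst == b->dst && a->sport == b->sport && a->dport == b->dport) ||
           (a->src == b->dst && a->dst == b->src && a->sport == b->dport && a->dport == b->sport);
}

/* On alert: copy the buffered packets of the alerting session, oldest first. */
static size_t backlog_session(const backlog *b, const pkt_rec *alert, pkt_rec *out, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i < b->count && n < cap; i++) {
        const pkt_rec *p = &b->ring[(b->head + i) % SLOTS];
        if (same_session(p, alert)) out[n++] = *p;
    }
    return n;
}

/* Constructed sample: 30 s window; t[4] is the packet that raises the alert. */
static size_t demo(void) {
    static backlog b; pkt_rec out[8];
    pkt_rec t[] = { {0, 1, 2, 1025, 80, 60},  {40, 1, 2, 4000, 23, 60}, {41, 2, 1, 23, 4000, 60},
                    {45, 3, 2, 5000, 25, 60}, {50, 1, 2, 4000, 23, 90} };
    memset(&b, 0, sizeof b); b.max_age = 30; b.max_bytes = 1 << 20;
    for (size_t i = 0; i < 5; i++) backlog_add(&b, &t[i]);
    return backlog_session(&b, &t[4], out, 8);
}
int main(void) { printf("%zu packets logged for the alerting session\n", demo()); return 0; }
```

In the sample, the packet at t=0 has aged out by the time the alert fires, and the unrelated flow is skipped, so only the three packets of the alerting session are returned for logging.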