Subject: RE: [snort] The TCP Flags Playground
From: Ofir Arkin (ofir packet-technologies.com)
Date: Thu Mar 30 2000 - 00:46:34 CST
- Next message: per.thorsheim no.pwcglobal.com: "[snort] Spoofed IP source detection"
- Previous message: Andrew R. Baker: "[snort] Snort 1.7 projected features"
- In reply to: Mullen, Patrick: "RE: [snort] The TCP Flags Playground"
- Reply: Ofir Arkin: "RE: [snort] The TCP Flags Playground"
I forgot to mention it is Linux 2.2.x and Windows machines.
I will work on a more comprehensive list soon.
Ofir
-----Original Message-----
From: bounce+snort bofh.kyrnet.kg [mailto:bounce+snort bofh.kyrnet.kg] On Behalf Of Mullen, Patrick
Sent: Monday, March 27, 2000 6:24 PM
To: 'snort bofh.kyrnet.kg'
Subject: RE: [snort] The TCP Flags Playground
That's all well and good, but your table is far from complete which is why
the topic has been discussed.
Quick example --
> Host Detection:
> Any combination of the ACK bit, except with a RST, would
> elicit a RST back from a probed machine whether we
> probe an opened port or a closed one.
Sun 5.5.1
Send URG|ACK
Open port - no response
Closed port - RST
Most of your post is correct and informative. Just not the be-all-end-all
resource you'd hoped. Sorry.
~Patrick
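
The thread shows that the reply to an ACK-bearing probe varies by stack, so a sensor has to key on the inbound segment rather than on the RST coming back. The following is an added example, not part of the original messages and not Snort code: a Python sketch that decodes the TCP flags byte and reports ACK-bearing segments (without SYN or RST) on flows where no SYN was observed. The function names, addresses and packets are constructed for illustration.

```python
import struct

FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header (constructed input, checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 1024, 0, 0)

def parse_flags(raw):
    """Return (sport, dport, set of flag names) from a raw TCP header."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", raw[:14])
    return sport, dport, {name for name, bit in FLAG_BITS if flags & bit}

def find_ack_probes(packets):
    """Report ACK-bearing segments (no SYN, no RST) on flows with no SYN seen.

    Assumption: the capture covers each connection from its start; a sensor
    that starts mid-stream would flag established traffic as well.
    """
    seen_syn = set()
    alerts = []
    for src, dst, raw in packets:
        sport, dport, flags = parse_flags(raw)
        flow = frozenset([(src, sport), (dst, dport)])  # direction-independent key
        if "SYN" in flags:
            seen_syn.add(flow)
        elif "ACK" in flags and "RST" not in flags and flow not in seen_syn:
            alerts.append((src, dst, dport, "|".join(sorted(flags))))
    return alerts

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    ("192.0.2.50", "192.0.2.10", tcp_header(40000, 22, 0x02)),    # SYN
    ("192.0.2.10", "192.0.2.50", tcp_header(22, 40000, 0x12)),    # SYN|ACK
    ("192.0.2.50", "192.0.2.10", tcp_header(40000, 22, 0x10)),    # ACK (handshake)
    ("198.51.100.7", "192.0.2.10", tcp_header(51000, 80, 0x30)),  # URG|ACK, no SYN
    ("198.51.100.7", "192.0.2.10", tcp_header(51001, 81, 0x10)),  # ACK, no SYN
    ("192.0.2.10", "198.51.100.7", tcp_header(81, 51001, 0x04)),  # RST reply
]

if __name__ == "__main__":
    for alert in find_ack_probes(PACKETS):
        print("unsolicited ACK segment:", alert)
```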