Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Chris Green (cmgsourcefire.com)
Date: Thu May 16 2002 - 06:40:15 CDT
Glenn Larsson <ichininswipnet.se> writes:
> Hi Scot.
> Do note; It's beta, i've only tried it in my Home network so even i
> can't tell with 100% accuracy how it will behave, even though it
> just read the Alert file and send ICMP_Echo to the hosts; Hence the
> warning - Do not use the program in a production environment.
> Anyways, i've been thinking about releasing the sourcecode, if i
> decide to release it it'll probably be on My page or Sourceforge. It
> won't happen today though - maby Saturday/Sunday.
Just as a note, ATTACK RESPONSES is designed to show whats coming from
your network and so measuring the internal TTL is showing how your
routes have changed.
Comparing TTL after the fact and a differences could ( would likely ) mean
TCP rules are nearly impossible to spoof when using the stateful
inspection stream4 capabilities in conjunction with
in your config file.
-- Chris Green <cmgsourcefire.com> "Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod
Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidthsourceforge.net _______________________________________________ Snort-users mailing list Snort-userslists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users