From: Motoki Yokoyama (yokoyama_at_exa.onlab.ntt.co.jp)
Date: Tue Dec 03 2002 - 01:28:33 CST
Hi All,
I'm trying the "FlexResp" function in snort-1.9.0 on RedHat7.3.
But my snort replies with both SYN/ACK and RST/ACK to a "TCP connection
scan" and a "TCP Half Scan". On the other hand, snort replies with
RST/ACK to a "FIN scan", "Xmas Scan", and "NULL scan". Doesn't
snort respond to a "TCP connection scan" and "TCP Half Scan"
the same way as to a "FIN scan", "Xmas Scan", and "NULL scan"?
I expect it to reply with RST/ACK to all these scans.
Please give me any advice on my problem.
The signature for this test is the following:
alert tcp 10.6.21.10 any -> 10.6.21.1 22 (msg:"Resp"; resp:rst_snd; sid:1000009;)
where 10.6.21.10 is a remote host.
Other information about my snort environment is the following:
・libpcap-0.6.2-2cl.i386.rpm
・libpcap-devel-0.6.2-2cl.i386.rpm
・libnet-1.0.2a-2.i386.rpm
Thanks
_______________________________________________
Snort-users mailing list