[Snort-devel] Evading Snort via splitting ACKs

David J. Bianco bianco at ...1589...
Tue Sep 24 05:54:04 EDT 2002


A couple of people have asked for my sample code, so I'm attaching it
below.  I've only ever tried to compile it under RedHat 7.3, but I think
it stands a reasonable chance of working elsewhere.  You'll need both
libnet and libpcap.  Documentation is in the comments at the beginning.
I'd appreciate knowing what your experiences are with this code, and 
maybe others would too, so perhaps posting them to list would be
appropriate.

	Thanks,
	  David

-- 
David J. Bianco, GSEC		<bianco at ...1589...>
Thomas Jefferson National Accelerator Facility
GPG Fingerprint:   516A B80D AAB3 1617 A340  227A 723B BFBE B395 33BA

     The views expressed herein are solely those of the author and
	    not those of SURA/Jefferson Lab or the US DOE.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: arpsplit.c
Type: text/x-c
Size: 20334 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20020924/12db6cce/attachment.bin>


More information about the Snort-devel mailing list