[Snort-devel] tcp window detection

Federico Barbieri fede at ...1683...
Wed Jun 11 03:36:18 EDT 2003


hi guys, I'm a newbie here so plese forgive me if the question looks 
stupid to you...

I found this article
http://gcn.com/vol1_no1/daily-updates/22371-1.html

and was curious of investigating the issue. I have snort 2.0.0 (Build 
72) running on my gateway home. It's a beauty! But I'm having troubles 
trying to add a rule to detect tcp window syn packets. What would be the 
rule option to use?
Can anyone help me out?

thanks

fede
-- 
If we knew what it was we were doing, it would not be called research, 
would it?





More information about the Snort-devel mailing list