[Snort-devel] TTL Evasion and Snort/Stream5

Matt Watchinski mwatchinski at ...402...
Tue Jan 5 13:28:44 EST 2010


README.stream5

    min_ttl <number>        - Minimum Time To Live.  The default is "1", the
                              minimum is "1" and the maximum is "255".

can also be set in target policies per host if known.

Cheers,
-matt

On Tue, Jan 5, 2010 at 12:53 PM, snort user <snort.user at ...2499...> wrote:

> Happy New Year to all!
>
> Does snort/stream5 do any analysis to detect TTL based evasions?
> I was going through snort 2.8.x and did not find any.
> Please advise.
>
> Thanks
>
>
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and
> easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>



-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20100105/36a541c1/attachment.html>


More information about the Snort-devel mailing list