[Snort-devel] TTL Evasion and Snort/Stream5

snort user snort.user at ...2499...
Tue Jan 5 14:37:19 EST 2010


Thanks for all the responses.
I had seen that config option, however, browsing the code I did not
see any use of this variable.

Thanks

On Tue, Jan 5, 2010 at 1:28 PM, Matt Watchinski
<mwatchinski at ...402...> wrote:
> README.stream5
>
>     min_ttl <number>        - Minimum Time To Live.  The default is "1", the
>                               minimum is "1" and the maximum is "255".
>
> can also be set in target policies per host if known.
>
> Cheers,
> -matt
>
> On Tue, Jan 5, 2010 at 12:53 PM, snort user <snort.user at ...2499...> wrote:
>>
>> Happy New Year to all!
>>
>> Does snort/stream5 do any analysis to detect TTL based evasions?
>> I was going through snort 2.8.x and did not find any.
>> Please advise.
>>
>> Thanks
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>
>
> --
> Matthew Watchinski
> Sr. Director Vulnerability Research Team (VRT)
> Sourcefire, Inc.
> Office: 410-423-1928
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
>




More information about the Snort-devel mailing list