[Snort-devel] TTL Evasion and Snort/Stream5

Matt Watchinski mwatchinski at ...402...
Tue Jan 5 15:40:50 EST 2010


Apologies, the correct option is the overall option of "config min_ttl" and
not the stream5 specific one.

Cheers,
-matt

On Tue, Jan 5, 2010 at 1:28 PM, Matt Watchinski <mwatchinski at ...402...> wrote:

> README.stream5
>
>     min_ttl <number>        - Minimum Time To Live.  The default is "1", the
>                               minimum is "1" and the maximum is "255".
>
> can also be set in target policies per host if known.
>
> Cheers,
> -matt
>
>
> On Tue, Jan 5, 2010 at 12:53 PM, snort user <snort.user at ...2499...> wrote:
>
>> Happy New Year to all!
>>
>> Does snort/stream5 do any analysis to detect TTL based evasions?
>> I was going through snort 2.8.x and did not find any.
>> Please advise.
>>
>> Thanks
>>
>>
>
>
>
> --
> Matthew Watchinski
> Sr. Director Vulnerability Research Team (VRT)
> Sourcefire, Inc.
> Office: 410-423-1928
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
>



-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/