Apologizes, the correct option is the overall option of "config min_ttl" and not the stream5 specific one.  <br><br>Cheers,<br>-matt<br><br><div class="gmail_quote">On Tue, Jan 5, 2010 at 1:28 PM, Matt Watchinski <span dir="ltr"><<a href="mailto:mwatchinski@...402...">mwatchinski@...402...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">README.stream5<br><br>    min_ttl <number>        - Minimum Time To Live.  The default is "1", the<br>
                              minimum is "1" and the maximum is "255".<br><br>can also be set in target policies per host if known.<br>
<br>Cheers,<br>-matt<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Tue, Jan 5, 2010 at 12:53 PM, snort user <span dir="ltr"><<a href="mailto:snort.user@...2499..." target="_blank">snort.user@...2499...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Happy New Year to all!<br>
<br>
Does snort/stream5 do any analysis to detect TTL based evasions?<br>
I was going through snort 2.8.x and did not find any.<br>
Please advise.<br>
<br>
Thanks<br>
<br>
------------------------------------------------------------------------------<br>
This SF.Net email is sponsored by the Verizon Developer Community<br>
Take advantage of Verizon's best-in-class app development support<br>
A streamlined, 14 day to market process makes app distribution fast and easy<br>
Join now and get one step closer to millions of Verizon customers<br>
<a href="http://p.sf.net/sfu/verizon-dev2dev" target="_blank">http://p.sf.net/sfu/verizon-dev2dev</a><br>
_______________________________________________<br>
Snort-devel mailing list<br>
<a href="mailto:Snort-devel@lists.sourceforge.net" target="_blank">Snort-devel@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/snort-devel" target="_blank">https://lists.sourceforge.net/lists/listinfo/snort-devel</a><br>
</blockquote></div><br><br clear="all"><br></div></div><font color="#888888">-- <br>Matthew Watchinski<br>Sr. Director Vulnerability Research Team (VRT)<br>Sourcefire, Inc.<br>Office: 410-423-1928<br><a href="http://vrt-sourcefire.blogspot.com" target="_blank">http://vrt-sourcefire.blogspot.com</a> && <a href="http://www.snort.org/vrt/" target="_blank">http://www.snort.org/vrt/</a><br>


</font></blockquote></div><br><br clear="all"><br>-- <br>Matthew Watchinski<br>Sr. Director Vulnerability Research Team (VRT)<br>Sourcefire, Inc.<br>Office: 410-423-1928<br><a href="http://vrt-sourcefire.blogspot.com">http://vrt-sourcefire.blogspot.com</a> && <a href="http://www.snort.org/vrt/">http://www.snort.org/vrt/</a><br>