[Snort-sigs] Stacheldraht

wh1ten0ise at ...366...
Thu Feb 14 19:26:04 EST 2002


While reviewing a recent break-in, I wondered if I could
compose a rule to find the following scenario:

large packet size (>1000) ICMP type 3 which has no correlating
ICMP type 0

Obviously my attempt to cobble something together failed, else I
would not be posting the question here.

tc