[Snort-sigs] Simple Question!!

SAM IDS sam_ids at ...144...
Wed Mar 31 09:12:15 EST 2004


Well ..
I this wasnt exactly the way of reply i was expecting from Any one on these lists
I didnt do anything wrong by asking a question .. 
by the way i am a developer too..i'm not playing.
And I am developing an IDS and need some explanation of Signature of attacks
you could just kindly gave me a link where i can find an answer
instead this long message.
 
SAM_IDS
 
Nigel Houghton <nigel at ...435...> wrote:
The questions you are asking are all answered in the copious Snort
documentation. This list is for the discussion of Snort signature
development and other issues concerning rules. Please refer to the
documentation first before asking a question, and when you do ask a
question, please ask on the correct list, snort-users is a good place to
seek help for many things.

Finally, please do not cross-post to multiple lists.

On 0, SAM IDS allegedly wrote:
> hello ,
> In the 
> Signature : alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"DOS IGMP dos attack"; content:"|02 00|"; depth: 2; ip_proto: 2; fragbits: M+; reference:cve,CVE-1999-0918; classtype:attempted-dos; sid:272; rev:2;) 
> 
> Whats meant by:
> 1.depth: 2
> 2.fragbits: M+

--
Nigel Houghton Research Engineer Sourcefire Inc.
Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.

---------------------------------
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040331/884c0bff/attachment.html>


More information about the Snort-sigs mailing list