[Snort-sigs] SSH brute force attack sig
emf at ...3056...
Wed Jul 6 11:45:35 EDT 2005
Matt Jonkman wrote:
> Flowbits is part of the standard snort for anything remotely recent.
> The basis is you can use a flowbit like a variable, so you can pass
> information from one stream or one sig to another.
Well... sorta. You can pass it from one sig to another that happens to
be operating on the same tcp flow. You can't (yet--perhaps in the
future (please!)) glue two tcp flows together with flowbits.
Erik Fichtner; Unix Ronin
"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell
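
The scoping described in this reply, as an added example that is not part of the original post and is not Snort code: a toy Python model in which flowbit state is keyed by TCP connection, so a bit set by one sig is visible to another sig only on that same flow. The rule dictionaries, payload markers and addresses are constructed for illustration.

```python
"""Toy model of per-flow flowbits scoping (illustrative, not Snort source)."""
from collections import defaultdict

# Constructed rules: sid 1 tags the flow silently, sid 2 alerts only if tagged.
RULES = [
    {"sid": 1, "content": b"STAGE1", "set": "demo.stage1", "noalert": True},
    {"sid": 2, "content": b"STAGE2", "isset": "demo.stage1"},
]

def pkt(src, sport, dst, dport, payload):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "payload": payload}

def flow_key(p):
    """Direction-independent key: both halves of one TCP connection match."""
    return tuple(sorted(((p["src"], p["sport"]), (p["dst"], p["dport"]))))

def run(packets, rules=RULES):
    """Return [(sid, flow_key)] alerts; flowbit state is stored per flow only."""
    bits = defaultdict(set)              # flow key -> flowbit names set on it
    alerts = []
    for p in packets:
        key = flow_key(p)
        for rule in rules:
            if rule["content"] not in p["payload"]:
                continue
            if "isset" in rule and rule["isset"] not in bits[key]:
                continue                 # bit was never set on THIS flow
            if "set" in rule:
                bits[key].add(rule["set"])
            if not rule.get("noalert"):
                alerts.append((rule["sid"], key))
    return alerts

# Constructed traffic. Same connection: stage 1 from client, stage 2 from server.
SAME_FLOW = [pkt("192.0.2.10", 40001, "198.51.100.5", 22, b"STAGE1"),
             pkt("198.51.100.5", 22, "192.0.2.10", 40001, b"STAGE2")]
# Same hosts, but stage 2 arrives on a second connection (new source port).
SPLIT_FLOWS = [pkt("192.0.2.10", 40001, "198.51.100.5", 22, b"STAGE1"),
               pkt("192.0.2.10", 40002, "198.51.100.5", 22, b"STAGE2")]

if __name__ == "__main__":
    print("same flow  :", run(SAME_FLOW))
    print("split flows:", run(SPLIT_FLOWS))
```

In the split case the second sig never fires, which is why state that must span several connections from one source cannot be carried in flowbits alone.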