[Snort-sigs] SSH brute force attack sig

Erik Fichtner emf at ...3056...
Wed Jul 6 11:45:35 EDT 2005

Matt Jonkman wrote:
> Flowbits is part of the standard snort for anything remotely recent.
> The basis is you can use a flowbit like a variable, so you can pass
> information from one stream or one sig to another.

Well... sorta.  You can pass it from one sig to another that happens to
be operating on the same tcp flow.   You can't (yet--perhaps in the
future (please!)) glue two tcp flows together with flowbits.

Erik Fichtner; Unix Ronin

"Mathematics is something best shared between consenting adults
in the privacy of their own office" - Adam O'Donnell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050706/c0fed08e/attachment.sig>

More information about the Snort-sigs mailing list