[Snort-users] Catching duplicate packets.

Martin Roesch roesch at ...1...
Wed Jul 19 02:43:46 EDT 2000

You'd probably have to write a plugin to do this, there's no correlation
functionality within Snort at this point.


Patrick Audley wrote:
>        Is it possible to write a rule or a plugin to catch tcp and/or
> udp packets with duplicate soure/dest/sequence information?  Our
> network has had storms of these lately and I'd like to be able to
> catch them in action.
>                                         Thanks.
> --
> "Most people would sooner die than think; in fact, they do so. "
> - Bertrand Russell (1872-1970)
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

Martin Roesch                      <roesch at ...2...>
Core R&D                         http://www.hiverworld.com
Hiverworld, Inc.       Continuous Adaptive Risk Management

More information about the Snort-users mailing list