[Snort-users] Catching duplicate packets.
roesch at ...1...
Wed Jul 19 02:43:46 EDT 2000
You'd probably have to write a plugin to do this, there's no correlation
functionality within Snort at this point.
Patrick Audley wrote:
> Is it possible to write a rule or a plugin to catch tcp and/or
> udp packets with duplicate soure/dest/sequence information? Our
> network has had storms of these lately and I'd like to be able to
> catch them in action.
> "Most people would sooner die than think; in fact, they do so. "
> - Bertrand Russell (1872-1970)
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
Martin Roesch <roesch at ...2...>
Core R&D http://www.hiverworld.com
Hiverworld, Inc. Continuous Adaptive Risk Management
More information about the Snort-users