[Snort-users] Smurf/Fraggle

Martin Roesch roesch at ...421...
Thu Nov 9 03:15:04 EST 2000


Yep, you'd have to write a preprocessor to pick up this sort of activity.  It
probably wouldn't be too hard though...

Chris Green wrote:
> 
> Jacob Martinson <jmartinson at ...727...> writes:
> 
> > or more specifically . . . can Snort be used to identify a pattern that is
> > spread across more than one packet?  i.e., someone hitting portmap on 10
> > different machines in a short period of time . . .
> >
> > -jacob
> 
> I don't believe it can out of the box.  This type of thing requires a
> preprocessor plugin.
> 
> --
> Chris Green <cmg at ...671...>
> Life is a series of rude awakenings.
>                 -- R.V. Winkle
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
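
Added example, not part of the original thread and not Snort's preprocessor API: a stand-alone C function that keeps the per-source state needed to detect the cross-packet pattern asked about above (one source contacting portmap on 10 different machines in a short period). The function name, the 60-second window and the table size are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define PORTMAP_PORT  111  /* portmap/rpcbind, the service named in the thread */
#define DST_THRESHOLD 10   /* "10 different machines" */
#define WINDOW_SECS   60   /* assumed value for "a short period of time" */
#define TABLE_SIZE    1024 /* assumed; one slot per hashed source address */
struct src_state {
    uint32_t src;                  /* source IPv4 address owning this slot */
    uint32_t dst[DST_THRESHOLD];   /* distinct destinations seen in window */
    uint32_t seen[DST_THRESHOLD];  /* last time (seconds) each was contacted */
    int count;
};
static struct src_state table[TABLE_SIZE];
/* Hypothetical hook, called once per packet with fields from its headers.
 * Returns 1 when `src` has contacted portmap on DST_THRESHOLD distinct hosts
 * inside the window, which no single-packet rule can express. */
int portmap_sweep_check(uint32_t now, uint32_t src, uint32_t dst, uint16_t dport)
{
    if (dport != PORTMAP_PORT) return 0;

    struct src_state *s = &table[src % TABLE_SIZE];
    if (s->src != src) {           /* empty slot or hash collision: take it over */
        memset(s, 0, sizeof *s);
        s->src = src;
    }

    int kept = 0, known = 0;
    for (int i = 0; i < s->count; i++) {
        if (now - s->seen[i] > WINDOW_SECS)
            continue;              /* aged out of the window, drop it */
        if (s->dst[i] == dst) {    /* repeat hit on same host: refresh only */
            s->seen[i] = now;
            known = 1;
        }
        s->dst[kept] = s->dst[i];  /* compact surviving entries to the front */
        s->seen[kept] = s->seen[i];
        kept++;
    }
    s->count = kept;
    if (known) return 0;

    s->dst[s->count] = dst;        /* new distinct destination for this source */
    s->seen[s->count] = now;
    if (++s->count < DST_THRESHOLD)
        return 0;
    s->count = 0;                  /* alert once, then start a fresh window */
    return 1;
}
```

Repeated hits on one host and sweeps slower than the window do not alert, so the threshold and window together set the detection floor.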


