[Snort-users] TFN2k signature?

Pete Philips pete at ...639...
Mon Oct 16 09:10:17 EDT 2000

Max Vision wrote:
> arachNIDS now contains several descriptions for TFN2k.  Be aware that the
> UDP and TCP rules are not likely to be accurate, as each is based solely on
> the packet contents (all UDP and TCP headers such as ports, flags, etc are
> randomized by TFN2k)

Thanks for all the information. Can you tell me the relationship
between the two sets of IDS rules for Snort? They both seem to
contain many of the same rules but obviously not all. Has there
been any attempt to integrate the two sets?



|   Pete Philips                                           \|/  |
|   Integralis S3 Team                                      O   |
|   E-mail:  pete.philips at ...640...                      |
|   Phone:   +44 118 930 6060                                   |
|   PGP Key: http://www.s3.integralis.co.uk/pgp/pete.pgp        |

More information about the Snort-users mailing list