[Snort-users] Large ICMP packets

Fyodor fygrave at ...121...
Fri Sep 29 19:12:35 EDT 2000


~ :
~ :	By the way, does anyone know of any reference where we can find 
~ :ICMP behaviours (and by extension, TCP/UDP)? I mean, I know that the
~ :payload of an ICMP ping message depends on the OS, that the Destination
~ :Unreachable ICMP packets include a portion of the original one, and that
~ :portion depends on the OS, ... Basically, what I'm asking for is passive

Well, there was ICMP scanning paper published recently (I don't have a url
handy, but make search on bugtraq). Also `Read RFCs, Lucke' :))




More information about the Snort-users mailing list