[Snort-users] Land Attack
athomas at ...5484...
Mon Dec 30 23:34:07 EST 2002
What is the signature for a Land attack ?
All the documentation i could get hold mentioned 'Land Attack' to be a
TCP Syn packet with same Src IP/port and Dest IP/port.
Then how do we classify the DoS attack packet which has same Src IP and
( lets say it is not a TCP/UDP packet -> so port is not considered )
Snort signature for Land also has considered only the IP address and not
College of Computing
More information about the Snort-users