[Snort-users] third party utility to kill ...

Ronneil Camara ronneilc at ...4042...
Thu Jan 31 17:10:23 EST 2002


-> -----Original Message-----
-> From: Matt Kettler [mailto:mkettler at ...4108...]
-> Sent: Thursday, January 31, 2002 6:14 PM
-> To: Ronneil Camara
-> Cc: snort-users at lists.sourceforge.net
-> Subject: RE: [Snort-users] third party utility to kill ...
-> 
-> 
-> Don't belive me that such a bypass is possible? Read a bit about how 
-> purposefully sending tcp segments out-of-order helps this:
-> 
-> http://www.securityfocus.com/infocus/1540
-> 
-> (interestingly that article pointed out a pcap latency bit 
-> on BSD variants 
-> I was unaware of.)

Ok. This captured my attention since I am running snort on OpenBSD and FreeBSD.

And btw, flexresp doesn't work with Openbsd if snort is run on a stealth
interface. I tried it on 3 different openbsd machine. Though, I only tried it
on Openbsd 3.0. Btw, flexresp works in FreeBSD on a stealth interface.

I'll read that article.

Thanks Matt.

Neil




More information about the Snort-users mailing list