[Snort-users] Snort Log Despoofer
cmg at ...1935...
Thu May 16 04:39:02 EDT 2002
Glenn Larsson <ichinin at ...5794...> writes:
> Hi Scot.
> Do note: it's beta, I've only tried it in my home network so even I
> can't tell with 100% accuracy how it will behave, even though it
> just reads the Alert file and sends ICMP_Echo to the hosts; hence the
> warning - Do not use the program in a production environment.
> Anyways, I've been thinking about releasing the source code; if I
> decide to release it, it'll probably be on my page or Sourceforge. It
> won't happen today though - maybe Saturday/Sunday.
Just as a note, ATTACK RESPONSES is designed to show what's coming from
your network and so measuring the internal TTL is showing how your
routes have changed.
Comparing TTL after the fact and a difference could (would likely) mean
TCP rules are nearly impossible to spoof when using the stateful
inspection stream4 capabilities in conjunction with
in your config file.
Chris Green <cmg at ...1935...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
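
An added example, not part of the original thread and not Glenn's tool: a sketch of the TTL comparison discussed above, assuming the check is "TTL Snort logged" versus "TTL seen in a later echo reply". The `HOME_NET` value, the sample alerts, the probe TTLs and the names `hops` and `classify` are all constructed for illustration; alerts sourced from inside `HOME_NET` (the ATTACK RESPONSES case) are set aside rather than compared.

```python
import ipaddress
import re

HOME_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: your own address space
INITIAL_TTLS = (32, 64, 128, 255)                 # common OS default starting TTLs

# Snort "full" alert entry: title line, "src -> dst" line, then "PROTO TTL:n ...".
ALERT_RE = re.compile(
    r"\[\*\*\] \[[\d:]+\] (?P<msg>[^\n]+?) \[\*\*\].*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> \S+\s+\w+ TTL:(?P<ttl>\d+)", re.S)

# Constructed sample alerts (documentation address ranges, made-up SIDs).
SAMPLE_ALERTS = """\
[**] [1:1000001:1] constructed inbound alert A [**]
05/16-04:12:45.123456 203.0.113.7:31337 -> 192.0.2.10:80
TCP TTL:52 TOS:0x0 ID:4242 IpLen:20 DgmLen:60

[**] [1:1000002:1] constructed inbound alert B [**]
05/16-04:13:02.000100 198.51.100.9 -> 192.0.2.10
ICMP TTL:121 TOS:0x0 ID:99 IpLen:20 DgmLen:84

[**] [1:1000003:1] ATTACK RESPONSES constructed example [**]
05/16-04:14:10.500000 192.0.2.20:80 -> 203.0.113.7:31337
TCP TTL:64 TOS:0x0 ID:7 IpLen:20 DgmLen:60

[**] [1:1000004:1] constructed inbound alert C [**]
05/16-04:15:00.000000 203.0.113.50:1024 -> 192.0.2.10:22
TCP TTL:240 TOS:0x0 ID:8 IpLen:20 DgmLen:60
"""
# Constructed echo-reply TTLs standing in for the ICMP probe results.
PROBE_TTLS = {"203.0.113.7": 51, "198.51.100.9": 46}

def hops(ttl):
    """Hop count implied by a received TTL, using the nearest default initial TTL."""
    return min(i for i in INITIAL_TTLS if i >= ttl) - ttl

def classify(text, probe_ttls, tolerance=2):
    """Map each alert source IP to a verdict from the logged-vs-probed hop distance."""
    verdicts = {}
    for m in ALERT_RE.finditer(text):
        src, ttl = m["src"], int(m["ttl"])
        if ipaddress.ip_address(src) in HOME_NET:
            verdicts[src] = "internal"       # a delta here only reflects local routing
        elif src not in probe_ttls:
            verdicts[src] = "no-reply"       # nothing to compare against
        elif abs(hops(ttl) - hops(probe_ttls[src])) > tolerance:
            verdicts[src] = "ttl-mismatch"   # candidate spoofed source
        else:
            verdicts[src] = "consistent"
    return verdicts
```

A "ttl-mismatch" verdict is a lead to investigate, not proof: route changes between the alert and the probe shift the hop count as well.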