[Snort-users] Window Size

Andy Wood andy.wood at ...9040...
Thu Jun 19 13:38:06 EDT 2003


	Can rules be written to detect a certain WINDOW size (See below
kernel msg(not sure if WINDOW=dsize))

Jun 17 06:59:57 darkgate kernel: TCP DROP: IN=br0 OUT=br0 PHYSIN=eth0
PHYSOUT=eth1 SRC=54.209.165.71 DST=216.216.216.216 LEN=52 TOS=0x00 PREC=0x00
TTL=99 ID=57300 PROTO=TCP SPT=56102 DPT=55533 WINDOW=55808 RES=0x00 SYN
URGP=0

	Thanks, 
	Andy




More information about the Snort-users mailing list