[Snort-users] flexresp2 is back and needs testing

Jeff Nathan jeff at ...950...
Wed Sep 8 13:50:03 EDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Sep 8, 2004, at 4:30 PM, James Riden wrote:

> Jeff Nathan <jeff at ...950...> writes:
>
>> Yes, I finished a testable version.  It's in your inbox.  As for the
>> rest of the snortees, anyone wishing to test this before it's imported
>> into the tree should email me directly or find me on the freenode IRC
>> channel.
>
> What changes have gone into the latest version? I'm happy to test, but
> if I'm not likely to be triggering any bugs, it may not be very much
> use.
>
> cheers,
>  Jamie
> -- 
> James Riden / j.riden at ...11179... / Systems Security Engineer
> Information Technology Services, Massey University, NZ.
> GPG public key available at: http://www.massey.ac.nz/~jriden/


The latest version is much more aggressive in brute forcing TCP 
sequence and acknowledgment numbers so it can successfully reset a TCP 
session.  Also, the latest version rate-limits responses in the event 
someone creates a rule that can be triggered repeatedly.

- -Jeff

- --
Craft custom packets from the comfort of your home.
http://nemesis.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBP3BXEqr8+Gkj0/0RAvjgAJ41X2mZllFI8eExvxkul34ggqovXQCeL7Py
bBw0R2hWPVqcjU4bleJaEXA=
=RnDq
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list