[Snort-users] Error on new Rule
j.riden at ...11179...
Wed Mar 16 11:22:50 EST 2005
"Kendall Risselada" <krisselada at ...1150...> writes:
> As udp protocol is stateless, I don't know how this would be
Send an ICMP destination/host/port unreachable with spoofed source
address, which is what you would get if the port were really closed.
For UDP you should use the latter group, and for TCP the former, IIRC:
rst_snd send TCP-RST packets to the sending socket
rst_rcv send TCP-RST packets to the receiving socket
rst_all send TCP_RST packets in both directions
icmp_net send a ICMP_NET_UNREACH to the sender
icmp_host send a ICMP_HOST_UNREACH to the sender
icmp_port send a ICMP_PORT_UNREACH to the sender
icmp_all send all above ICMP packets to the sender
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
More information about the Snort-users