[Snort-users] Interesting

beenph beenph at ...11827...
Tue Dec 11 12:10:06 EST 2012


On Tue, Dec 11, 2012 at 9:59 AM, Lay, James <james.lay at ...15009...>
wrote:
>
> http://code.google.com/p/topera/
>
>
>
> “invisible to snort”
>
>
Seem's like its only chaining IPv6 IPv6 Extension Header - Destination
Options Header Using scrapy.
ipeh = IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/
IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/
IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()/IPv6ExtHdrDestOpt()

And the tool should trigger
  DecoderEvent(p, DECODE_IP6_EXCESS_EXT_HDR,
                     DECODE_IP6_EXCESS_EXT_HDR_STR,
                     1, 1);
#define IP6_EXTMAX               8
;)

-elz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121211/1fe8ea0d/attachment.html>


More information about the Snort-users mailing list