[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm question

To: rmkml <rmkml@xxxxxxxxxx>
Subject: Re: firestorm question
From: Gianni Tedesco <gianni@xxxxxxxxxx>
Date: 25 Mar 2003 16:55:03 +0000
Cc: firestorm@xxxxxxxxxxxxxxxx
Delivered-to: mailing list firestorm@scaramanga.co.uk
In-reply-to: <3E808521.4F35CEC2@wanadoo.fr>
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E808521.4F35CEC2@wanadoo.fr>

On Tue, 2003-03-25 at 16:34, rmkml wrote:
> If an attacker send tcp Syn to me,
> 
> If my box respond automaticaly tcp Reset,

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"RST"; flags:R;)

> and other,
> If an attacker send udp to me,
> and my box respond automaticaly icmp port unreachable,

alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg: "ICMP"; itype: X;
icode: Y;)

etc...

or am i missing something? :)

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: firestorm question
  - From: Greg Sheard

References:
- firestorm question
  - From: rmkml

Prev by Date: firestorm question
Next by Date: Re: firestorm question
Previous by thread: firestorm question
Next by thread: Re: firestorm question
Index(es):
- Date
- Thread