On Tue, 2003-03-25 at 16:55, Gianni Tedesco wrote:
> On Tue, 2003-03-25 at 16:34, rmkml wrote:
> > If an attacker sends tcp Syn to me,
> >
> > If my box responds automatically tcp Reset,
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"RST"; flags:R;)
>
> > and other,
> > If an attacker sends udp to me,
> > and my box responds automatically icmp port unreachable,
>
> alert icmp $HOME_NET any -> $EXTERNAL_NET any (msg: "ICMP"; itype: X; icode: Y;)
>
> etc...
>
> or am I missing something? :)

Won't the first one alert every time a TCP connection is closed by either
party, so long as one of them is yourself?

Greg.
-- 
With searching comes loss
and the presence of absence
"My Novel" not found
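
The objection raised in the reply can be checked by replaying a few packets. This is an added example, not code from the thread: it compares a stateless "outbound segment with RST set" match against a version that only alerts when the RST answers an inbound SYN that was never accepted. The addresses, packet tuples and function names are constructed for illustration, and the stateless function models the idea of the rule, not Snort's exact `flags` matching.

```python
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.0.2.0/24")  # assumption: stands in for $HOME_NET

# Constructed sample packets: (src, sport, dst, dport, tcp_flags)
PACKETS = [
    # 1. external SYN to a closed port, host refuses with RST/ACK
    ("198.51.100.7", 40000, "192.0.2.10", 23, "S"),
    ("192.0.2.10", 23, "198.51.100.7", 40000, "RA"),
    # 2. external client is accepted on port 80, server later aborts
    ("198.51.100.9", 41000, "192.0.2.10", 80, "S"),
    ("192.0.2.10", 80, "198.51.100.9", 41000, "SA"),
    ("198.51.100.9", 41000, "192.0.2.10", 80, "A"),
    ("192.0.2.10", 80, "198.51.100.9", 41000, "RA"),
    # 3. home client connects out, then resets its own connection
    ("192.0.2.20", 50000, "203.0.113.5", 443, "S"),
    ("203.0.113.5", 443, "192.0.2.20", 50000, "SA"),
    ("192.0.2.20", 50000, "203.0.113.5", 443, "R"),
]

def is_home(addr):
    return ip_address(addr) in HOME_NET

def outbound_rst(pkt):
    src, _, dst, _, flags = pkt
    return is_home(src) and not is_home(dst) and "R" in flags

def stateless_alerts(packets):
    """Every HOME_NET -> external segment with RST set, with no flow state."""
    return [p for p in packets if outbound_rst(p)]

def correlated_alerts(packets):
    """Outbound RSTs that answer an inbound SYN which was never accepted."""
    pending = set()  # unanswered inbound SYNs: (ext, eport, home, hport)
    alerts = []
    for pkt in packets:
        src, sport, dst, dport, flags = pkt
        if flags == "S" and is_home(dst) and not is_home(src):
            pending.add((src, sport, dst, dport))
        elif is_home(src) and (dst, dport, src, sport) in pending:
            pending.discard((dst, dport, src, sport))
            if "R" in flags:  # refused; an "SA" reply means accepted
                alerts.append(pkt)
    return alerts
```

On the sample data the stateless match fires on all three resets, while the correlated version reports only the refused SYN to port 23. A long-running version would also need to expire old entries from `pending`.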