[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm question

To: Gianni Tedesco <gianni@xxxxxxxxxx>
Subject: Re: firestorm question
From: rmkml <rmkml@xxxxxxxxxx>
Date: Tue, 25 Mar 2003 18:56:54 +0100
Cc: firestorm@xxxxxxxxxxxxxxxx
Delivered-to: mailing list firestorm@scaramanga.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E808521.4F35CEC2@wanadoo.fr> <1048611304.19129.28.camel@lemsip> <1048611533.493.38.camel@vaul.dark.lan> <3E808FFB.3BAF0563@wanadoo.fr> <1048613747.19130.45.camel@lemsip>
Sender: test@xxxxxxxxxx

Gianni Tedesco wrote:

> On Tue, 2003-03-25 at 17:20, rmkml wrote:
> > How track tcp session and if session is not full open (Syn-SynAck-Ack) and my
> > box send tcp Reset ...
>
> flow:!established; ?
>
> > More complicated in udp proto ....
>
> true, need a way of tracking UDP 'connections' so that if packet goes
> from A -> B, then traffic from B -> A will be considered 'established'
> and ICMP traffic as 'related'. That would be easy enough but at the
> moment I'm not spending too much time implementing features that aren't
> part of the snort rulesets as they will only find limited use...

like netfilter/iptable on linux ...

Follow-Ups:
- Re: firestorm question
  - From: Gianni Tedesco
- Re: firestorm question
  - From: rmkml

References:
- firestorm question
  - From: rmkml
- Re: firestorm question
  - From: Gianni Tedesco
- Re: firestorm question
  - From: Greg Sheard
- Re: firestorm question
  - From: rmkml
- Re: firestorm question
  - From: Gianni Tedesco

Prev by Date: Re: firestorm question
Next by Date: Re: firestorm question
Previous by thread: Re: firestorm question
Next by thread: Re: firestorm question
Index(es):
- Date
- Thread