[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm question

To: firestorm@xxxxxxxxxxxxxxxx
Subject: Re: firestorm question
From: rmkml <rmkml@xxxxxxxxxx>
Date: Tue, 25 Mar 2003 19:09:21 +0100
Delivered-to: mailing list firestorm@scaramanga.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E808521.4F35CEC2@wanadoo.fr> <1048611304.19129.28.camel@lemsip> <1048611533.493.38.camel@vaul.dark.lan> <3E808FFB.3BAF0563@wanadoo.fr> <1048613747.19130.45.camel@lemsip> <3E809866.9686F6E3@wanadoo.fr>
Sender: test@xxxxxxxxxx

and other question:
if tcp session is established,
but no data before closed ...




rmkml wrote:

> Gianni Tedesco wrote:
>
> > On Tue, 2003-03-25 at 17:20, rmkml wrote:
> > > How track tcp session and if session is not full open (Syn-SynAck-Ack) and my
> > > box send tcp Reset ...
> >
> > flow:!established; ?
> >
> > > More complicated in udp proto ....
> >
> > true, need a way of tracking UDP 'connections' so that if packet goes
> > from A -> B, then traffic from B -> A will be considered 'established'
> > and ICMP traffic as 'related'. That would be easy enough but at the
> > moment I'm not spending too much time implementing features that aren't
> > part of the snort rulesets as they will only find limited use...
>
> like netfilter/iptable on linux ...

References:
- firestorm question
  - From: rmkml
- Re: firestorm question
  - From: Gianni Tedesco
- Re: firestorm question
  - From: Greg Sheard
- Re: firestorm question
  - From: rmkml
- Re: firestorm question
  - From: Gianni Tedesco
- Re: firestorm question
  - From: rmkml

Prev by Date: Re: firestorm question
Next by Date: Re: firestorm question
Previous by thread: Re: firestorm question
Next by thread: Re: firestorm question
Index(es):
- Date
- Thread