[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm question

To: Gianni Tedesco <gianni@xxxxxxxxxx>
Subject: Re: firestorm question
From: rmkml <rmkml@xxxxxxxxxx>
Date: Tue, 25 Mar 2003 19:19:10 +0100
Cc: firestorm@xxxxxxxxxxxxxxxx
Delivered-to: mailing list firestorm@scaramanga.co.uk
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E808521.4F35CEC2@wanadoo.fr> <1048611304.19129.28.camel@lemsip> <1048611533.493.38.camel@vaul.dark.lan> <3E808FFB.3BAF0563@wanadoo.fr> <1048613747.19130.45.camel@lemsip>
Sender: test@xxxxxxxxxx

Gianni Tedesco wrote:

> On Tue, 2003-03-25 at 17:20, rmkml wrote:
> > How track tcp session and if session is not full open (Syn-SynAck-Ack) and my
> > box send tcp Reset ...
>
> flow:!established; ?

Yes,
but I have many false,
because, my linux send Reset if receive packet after Fin<->Fin ...
do you have "closed" expression ? (or similar)
(flow:!established,!closed; = Event Reset if after tcp session (not established ||
not closed) )

Regard.

References:
- firestorm question
  - From: rmkml
- Re: firestorm question
  - From: Gianni Tedesco
- Re: firestorm question
  - From: Greg Sheard
- Re: firestorm question
  - From: rmkml
- Re: firestorm question
  - From: Gianni Tedesco

Prev by Date: Re: firestorm question
Next by Date: Firestorm and Fragmentation
Previous by thread: Re: firestorm question
Next by thread: Firestorm and Fragmentation
Index(es):
- Date
- Thread