[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firestorm bypass (snort advisory)

To: rmkml <rmkml@xxxxxxxxxx>
Subject: Re: firestorm bypass (snort advisory)
From: Gianni Tedesco <gianni@xxxxxxxxxx>
Date: 02 Apr 2003 12:26:21 +0100
Cc: firestorm@xxxxxxxxxxxxxxxx
Delivered-to: mailing list firestorm@scaramanga.co.uk
In-reply-to: <3E8ABF97.146C564C@wanadoo.fr>
Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
References: <3E89A5F7.CCB09E12@wanadoo.fr> <1049279264.25400.1071.camel@lemsip> <3E8ABF97.146C564C@wanadoo.fr>

On Wed, 2003-04-02 at 11:46, rmkml wrote:
> Thank for your reply,
> 
> Firestorm detect ECN Flags ?

ECN flags are valid normally so firestorm doesn't automatically alert on
them. You can use the following 'flags' field in a rule to match on
them:

 CWR bit: either '1' or 'C'
 ECE bit: either '2' or 'E'

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: firestorm bypass (snort advisory)
  - From: rmkml

References:
- firestorm bypass (snort advisory)
  - From: rmkml
- Re: firestorm bypass (snort advisory)
  - From: Gianni Tedesco
- Re: firestorm bypass (snort advisory)
  - From: rmkml

Prev by Date: Re: firestorm bypass (snort advisory)
Next by Date: Re: firestorm bypass (snort advisory)
Previous by thread: Re: firestorm bypass (snort advisory)
Next by thread: Re: firestorm bypass (snort advisory)
Index(es):
- Date
- Thread