Snort mailing list archives
Re: Range values for TTL
From: "Tan Chee Leong" <tcleong () cyberway com sg>
Date: Mon, 7 May 2001 18:31:48 +0800
Hey thanks Fyodor. More than what I expected :) Hi Max, thks for the pointer. I'm sure there are more ways than just TTL to do OS finger printing. My rules will grow as I learn. Thks. ----- Original Message ----- From: "Fyodor" <fygrave () tigerteam net> To: "Tan Chee Leong" <tcleong () cyberway com sg> Cc: <snort-users () lists sourceforge net> Sent: Monday, May 07, 2001 3:56 AM Subject: Re: [Snort-users] Range values for TTL
On Mon, May 07, 2001 at 01:08:56AM +0800, Tan Chee Leong wrote:Hi, A question about rule-making. It doesn't seem possible to set a range
of
TTL values to check. Did I miss out something? If it is really not possible, can it be considered in the next version? This may be very helpful in identifying the platform of the intruder. Pardon me if I have been ignorant in the first place.We had 'ttl: < 5;' and 'ttl: > 6' support before. I just added support for : 'ttl: 5-10' (or even 'ttl: - 5;' or 'ttl: 5 -;' which is equal to '0-5' and '5-255' range), let me know if that's enough for your needs.. :-) You will need to cvsup current cvs tree. (or wait a day and fetch http://snort.sourceforge.net/snort-daily.tar.gz :)) cheers -Fyodor
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Range values for TTL Tan Chee Leong (May 06)
- Re: Range values for TTL Fyodor (May 06)
- Re: Range values for TTL Max Vision (May 06)
- Re: Range values for TTL Tan Chee Leong (May 07)
- Re: Range values for TTL Fyodor (May 06)