Snort mailing list archives
Re: Error on new Rule
From: James Riden <j.riden () massey ac nz>
Date: Thu, 17 Mar 2005 08:22:01 +1300
"Kendall Risselada" <krisselada () farm9 com> writes:
As udp protocol is stateless, I don't know how this would be implemented
Send an ICMP destination/host/port unreachable with spoofed source address, which is what you would get if the port were really closed. For UDP you should use the latter group, and for TCP the former, IIRC: rst_snd send TCP-RST packets to the sending socket rst_rcv send TCP-RST packets to the receiving socket rst_all send TCP_RST packets in both directions icmp_net send a ICMP_NET_UNREACH to the sender icmp_host send a ICMP_HOST_UNREACH to the sender icmp_port send a ICMP_PORT_UNREACH to the sender icmp_all send all above ICMP packets to the sender cheers, Jamie -- James Riden / j.riden () massey ac nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/ ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Error on new Rule Ron Jenkins (Mar 16)
- <Possible follow-ups>
- RE: Error on new Rule Ron Jenkins (Mar 16)
- RE: Error on new Rule Kendall Risselada (Mar 16)
- Re: Error on new Rule James Riden (Mar 16)
- RE: Error on new Rule Kendall Risselada (Mar 16)
- RE: Error on new Rule Snort (Mar 16)
- RE: Error on new Rule Joshua Berry (Mar 16)