This is a discussion on Re: [Snort-users] Slow down TCP connections within the Snort forums, part of the System Security and Security Related category.
On Aug 29, 2004, at 1:14 PM, Keith W. McCammon wrote:

>> Right now, I've just compiled and installed snort 2.2.0 with flexresp2
>> support. I'm about to test flexresp2 capabilities, but it seems to have no
>> support for slowing down TCP connections (i.e. for slowing down TCP Scans
>> for instance...)
>
> Why would Snort want to "slow down" a TCP scan? Snort will catch it,
> and under certain circumstances, flexresp2 can reset those
> connections. That's pretty much the extent of Snort's involvement.
>
>> Do you know any plug-in that allows Snort to slow down TCP connection speed
>> (i.e. resize TCP window size)?
>
> No. What would you accomplish by doing this? Either block the
> traffic or don't. Slowing it down won't really get you anywhere
> (it'll just take the attacker longer to do the same thing).

I think the point of "slowing down" TCP connections is to exhaust socket descriptors on the host performing the scanning. It depends entirely on a number of factors, but if you "control the horizontal and the vertical", then you can certainly have some fun tarpitting machines.

-Jeff

--
Top security experts. Cutting edge tools, techniques and information.
Tokyo, Japan November, 2004
http://www.pacsec.jp
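
The tarpit effect discussed in this thread can be observed on loopback with a listener that advertises a tiny TCP window and never reads. This is an added example, not code from the thread or from Snort: it uses `SO_RCVBUF` on an ordinary socket rather than a Snort plug-in, and the names `start_tarpit` and `bytes_until_stall` are hypothetical.

```python
import socket
import threading

def start_tarpit(host="127.0.0.1", port=0, rcvbuf=1024):
    """Listen, accept every connection, and never read from it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Set before listen(): accepted sockets inherit the small buffer, so the
    # advertised TCP window stays tiny and closes once the buffer is full.
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    srv.bind((host, port))
    srv.listen(128)
    held = []  # keep references so the connections are never closed

    def accept_loop():
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:  # listener closed
                return
            held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, held

def bytes_until_stall(addr, limit=8 * 1024 * 1024, sndbuf=4096):
    """Connect as a client and count bytes accepted before send() stalls.
    Returns (bytes_sent, socket); the socket is still open and stuck."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, sndbuf)
    c.connect(addr)
    c.setblocking(False)
    sent = 0
    try:
        while sent < limit:
            sent += c.send(b"A" * 1024)
    except BlockingIOError:
        pass  # zero window on the far side plus a full local send buffer
    return sent, c

if __name__ == "__main__":
    srv, held = start_tarpit()  # port=0 picks a free loopback port
    sent, client = bytes_until_stall(srv.getsockname())
    print(f"client stalled after {sent} bytes; tarpit holds {len(held)} connection(s)")
```

The stalled client keeps its descriptor and unsent data until it times out or gives up, which is the cost the tarpit imposes on the connecting host.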