Re: [Snort-users] frag3: Fragmentation overlap
This is a discussion on Re: [Snort-users] frag3: Fragmentation overlap within the Snort forums, part of the System Security and Security Related category; --===============1648201247== Content-Type: multipart/alternative; boundary="----=_Part_27155_22187180.1159208832968" ------=_Part_27155_22187180.1159208832968 Content-Type: text/plain; charset=ISO-8859-1; ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-25-2006
|
|||
|
|||
Re: [Snort-users] frag3: Fragmentation overlap
--===============1648201247==
Content-Type: multipart/alternative; boundary="----=_Part_27155_22187180.1159208832968" ------=_Part_27155_22187180.1159208832968 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Check out: http://www.snort.org/docs/snort_htma...00000000000000 http://cvs.snort.org/viewcvs.cgi/*ch...ype=text/plain There are a couple of references in the frag3 section of the manual (first link above) that are worth following. Also, a google search for "fragmentation attacks" should give you some info. Cheers, Justin On 9/25/06, Paul Schmehl <pauls@utdallas.edu> wrote: > > Can anyone explain exactly what this alert means? (Other than the fact > that the packets are being fragmented and there is overlap?) Is it the > prelude to an attack? A misconfigured host? > > Paul Schmehl (pauls@utdallas.edu) > Adjunct Information Security Officer > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share > your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?p...rge&CID=DEVDEV > > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > ------=_Part_27155_22187180.1159208832968 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Check out: <br><br><a href="http://www.snort.org/docs/snort_htmanuals/htmanual_260/node11.html#SECTION00312000000000000000">http://www.snort.org/docs/snort_htmanuals/htmanual_260/node11.html#SECTION00312000000000000000</a> <br><a href="http://cvs.snort.org/viewcvs.cgi/*checkout*/snort/doc/README.frag3?rev=HEAD&content-type=text/plain">http://cvs.snort.org/viewcvs.cgi/*ch...ype=text/plain </a><br><br>There are a couple of references in the frag3 section of the manual (first link above) that are worth following. Also, a google search for "fragmentation attacks" should give you some info.<br><br><br> Cheers,<br>Justin<br><br><div><span class="gmail_quote">On 9/25/06, <b class="gmail_sendername">Paul Schmehl</b> <<a href="mailto:pauls@utdallas.edu">pauls@utdallas.ed u</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Can anyone explain exactly what this alert means? (Other than the fact<br>that the packets are being fragmented and there is overlap?) Is it the<br>prelude to an attack? A misconfigured host?<br><br>Paul Schmehl (<a href="mailto:pauls@utdallas.edu"> pauls@utdallas.edu</a>)<br>Adjunct Information Security Officer<br>The University of Texas at Dallas<br><a href="http://www.utdallas.edu/ir/security/">http://www.utdallas.edu/ir/security/</a><br><br><br>------------------------------------------------------------------------- <br>Take Surveys. Earn Cash. Influence the Future of IT<br>Join SourceForge.net's Techsay panel and you'll get the chance to share your<br>opinions on IT & business topics through brief surveys -- and earn cash<br><a href="http://www.techsay.com/default.php?page=join.php&p=sourceforge&CI D=DEVDEV"> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CI D=DEVDEV</a><br><br>________________________________________ _______<br>Snort-users mailing list<br><a href="mailto:Snort-users@lists.sourceforge.net"> Snort-users@lists.sourceforge.net</a><br>Go to this URL to change user options or unsubscribe:<br><a href="https://lists.sourceforge.net/lists/listinfo/snort-users">https://lists.sourceforge.net/lists/...fo/snort-users </a><br>Snort-users list archive:<br><a href="http://www.geocrawler.com/redir-sf.php3?list=snort-users">http://www.geocrawler.com/redir-sf.php3?list=snort-users</a><br><br><br></blockquote></div><br> ------=_Part_27155_22187180.1159208832968-- --===============1648201247== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?p...rge&CID=DEVDEV --===============1648201247== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users --===============1648201247==-- 
|
Linear Mode
