Home page logo

snort logo Snort mailing list archives

Re: Triggering a complex snort rule (packet forging)
From: Jamie Riden <jamie.riden () gmail com>
Date: Tue, 2 Apr 2013 13:49:03 +0100

Sorry, I'm talking rubbish. The firewall will stop you from the outside as
it's not part of an established connection.

On 2 April 2013 13:47, Asiri Rathnayake <asiri.rathnayake () gmail com> wrote:


On Tue, Apr 2, 2013 at 1:31 PM, Jamie Riden <jamie.riden () gmail com> wrote:

You could look at grabbing a real packet and using tcpreplay maybe?

So, grab the packet from within the local network and then try to inject
it into the network (replay) from outside?

Sounds like a good idea, will give it a go.


- Asiri

Jamie Riden / jamie () honeynet org / jamie.riden () gmail com
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete 
for recognition, cash, and the chance to get your game on Steam. 
$5K grand prize plus 10 genre and skill prizes. Submit your demo 
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

Please visit http://blog.snort.org for the latest news about Snort!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]