|
version 1.7, 2007/12/10 19:12:30
|
version 1.8, 2008/03/12 20:16:36
|
|
|
|
| Default is 60 seconds. | Default is 60 seconds. |
| ttl_limit <hops> - Max TTL delta acceptable for packets based on the first | ttl_limit <hops> - Max TTL delta acceptable for packets based on the first |
| packet in the fragment. Default is 5. | packet in the fragment. Default is 5. |
| |
NOTE: ttl_limit is only available for backwards |
| |
compatibility, and its value will be ignored. ttl_limit |
| |
will be deprecated in a future release. |
| min_ttl <value> - Minimum acceptable TTL value for a fragment packet. | min_ttl <value> - Minimum acceptable TTL value for a fragment packet. |
| Default is 1. | Default is 1. |
| detect_anomalies - Detect fragment anomalies | detect_anomalies - Detect fragment anomalies |
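Review bot: the ttl_limit entry directly above the new NOTE still reads as live documentation ("Max TTL delta acceptable ... Default is 5") while the NOTE says its value is ignored, so a reader skimming the option list can still assume a TTL-delta check is enforced. Suggest rewriting the entry itself, for example "ttl_limit <hops> - Ignored; accepted for backwards compatibility only", and dropping the stated default. "will be deprecated in a future release" also reads oddly for an option whose value is already ignored; state plainly that it has no effect and that min_ttl is the TTL option still documented here.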
|
|
|
| preprocessor frag3_engine | preprocessor frag3_engine |
| | |
| Example configuration (Advanced) | Example configuration (Advanced) |
| preprocessor frag3_global: prealloc_nodes 8192 |
preprocessor frag3_global: prealloc_frags 8192 |
| preprocessor frag3_engine: policy linux, bind_to 192.168.1.0/24 | preprocessor frag3_engine: policy linux, bind_to 192.168.1.0/24 |
| preprocessor frag3_engine: policy first, bind_to [10.1.47.0/24,172.16.8.0/24] | preprocessor frag3_engine: policy first, bind_to [10.1.47.0/24,172.16.8.0/24] |
| preprocessor frag3_engine: policy last, detect_anomalies | preprocessor frag3_engine: policy last, detect_anomalies |
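Review bot: the advanced example changes the frag3_global line from prealloc_nodes to prealloc_frags with no accompanying explanation, unlike the ttl_limit change, which gets an explicit backwards-compatibility NOTE. The visible lines do not say whether this is a keyword rename or a correction of the example, nor whether prealloc_nodes is still accepted, so someone carrying an older snort.conf cannot tell from this README whether the old line will be rejected or silently ignored. Suggest one line next to the example saying which keyword is valid and what happens to the other.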
|
|
|
| 8 Fragmentation overlap | 8 Fragmentation overlap |
| 9 IPv6 BSD mbufs remote kernel buffer overflow | 9 IPv6 BSD mbufs remote kernel buffer overflow |
| 10 Bogus fragmentation packet. Possible BSD attack | 10 Bogus fragmentation packet. Possible BSD attack |
| |
11 TTL value less than configured minimum, not using for reassembly |
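Review bot: the new alert 11 text says "configured minimum" without naming the option; write min_ttl so the alert can be matched to the option list. It would also help to state whether this alert fires only when detect_anomalies is set, and to spell out what "not using for reassembly" means for the fragment (left out of the reassembled packet, or dropped), since that determines what the rest of the detection engine gets to inspect.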