[Bro] IGMP analyzer
uday chekuri
uchekuru at gmail.com
Wed Jul 23 15:06:08 PDT 2008
I have a trace file containing an attack related to bid 514.
DOS IGMP dos attack sid 1:273:8 bid 514;"
Snort is showing up but the converted snort2bro rule
signature s2b-273-8 {
  header ip[9:1] == 2
  event "DOS IGMP dos attack sid 1:273:8 bid 514;"
  header ip[6:1] & 224 == 32
}
is not throwing any alerts.
That's the reason why I asked.
Thanks,
UC
On 7/15/08, Vern Paxson <vern at icir.org> wrote:
>
> > I am just wondering whether the IGMP analyzer is available in the new
> > version of bro 1.3.2???
>
>
> What IGMP analyzer are you referring to?
>
>
> Vern
>
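An added example, not part of the original post and not Bro or snort2bro code: a small Python check that evaluates the two header conditions of signature s2b-273-8 against raw IPv4 header bytes, so the packets in a trace can be tested independently of the signature engine. The helper names and the sample headers are constructed for illustration.

```python
import struct

# Header conditions of signature s2b-273-8 as quoted in the post:
# (offset, size, mask, expected); mask None means the condition has no "&".
S2B_273_8 = [
    (9, 1, None, 2),   # header ip[9:1] == 2         IP protocol field is IGMP
    (6, 1, 224, 32),   # header ip[6:1] & 224 == 32  MF set, reserved and DF clear
]

def header_field(ip_header, offset, size):
    """Read ip[offset:size] as an unsigned integer in network byte order."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4 bytes")
    if offset < 0 or offset + size > len(ip_header):
        raise ValueError("field lies outside the captured header")
    return int.from_bytes(ip_header[offset:offset + size], "big")

def explain(ip_header, conditions):
    """Result of each condition in order, to see which test a packet fails."""
    results = []
    for offset, size, mask, expected in conditions:
        value = header_field(ip_header, offset, size)
        if mask is not None:
            value &= mask
        results.append(value == expected)
    return results

def matches(ip_header, conditions):
    """A signature fires only if all of its conditions hold."""
    return all(explain(ip_header, conditions))

def make_ipv4_header(proto, flags, frag_offset=0):
    """Constructed 20-byte IPv4 header: checksum 0, documentation addresses.
    flags is the 3-bit field: 4 = reserved, 2 = DF, 1 = MF."""
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, flags_frag,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    samples = {  # constructed headers, not taken from any trace
        "IGMP, MF set": make_ipv4_header(2, 1),
        "IGMP, not fragmented": make_ipv4_header(2, 0),
        "UDP, MF set": make_ipv4_header(17, 1),
    }
    for name, hdr in samples.items():
        print(name, explain(hdr, S2B_273_8), matches(hdr, S2B_273_8))
```

If the IP headers from the trace pass both conditions here, the header tests themselves are not what keeps the converted signature from alerting.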