LinuxQuestions.org - Snort flags SYN Question

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Snort flags SYN Question (https://www.linuxquestions.org/questions/linux-security-4/snort-flags-syn-question-122636/)

gfyspf

12-04-2003 09:04 AM

Snort flags SYN Question

Does any one know what the different options are and mean for snort flags with the syn option. Example below:

alert external_ip any -> internal_ip 8080 (flags:S,12; msg "Possible SYN scan";)

I know 12 has to do with finding a syn packets regardless of the values of the reserved bits.

Could anyone clarify this more? Also are there other options?

Thanks

unSpawn

12-10-2003 10:12 AM

Thanks
I see you already got answered on the snort-users ML.
Adding any replies that cleared it up for you would be cool.

All times are GMT -5. The time now is 01:42 AM.