Rule Options
111
The following rule logs 100 packets on the session after it is triggered.
alert tcp 192.168.2.0/24 23  > any any \
    (content: "boota"; msg: "Detected boota"; \
    tag: session, 100, packets;)
3.6.32 The tos Keyword
The tos keyword is used to detect a specific value in the Type of Service (TOS)
field of the IP header. The format for using this keyword is as follows:
tos: 1; 
For more information on the TOS field, refer to RFC 791 and Appendix C, where
the IP packet header is discussed.
3.6.33 The ttl Keyword
The ttl keyword is used to detect Time to Live value in the IP header of the packet.
The keyword has a value which should be an exact match to determine the TTL value.
This keyword can be used with all types of protocols built on the IP protocol, including
ICMP, UDP and TCP. The general format of the keyword is as follows:
ttl: 100; 
The traceroute utility uses TTL values to find the next hop in the path. The tracer 
oute sends UDP packets with increasing TTL values. The TTL value is decremented at
every hop. When it reaches zero, the router generates an ICMP packet to the source.
Using this ICMP packet, the utility finds the IP address of the router. For example, to
find the fifth hop router, the traceroute utility will send UDP packets with TTL value set
to 5. When the packet reaches the router at the fifth hop, its value becomes zero and an
ICMP packet is generated.
Using the ttl keyword, you can find out if someone is trying to traceroute through
your network. The only problem is that the keyword needs an exact match of the TTL
value.
For more information on the TTL field, refer to RFC 791 and Appendix C where
the IP packet header is discussed.
3.6.34 The uricontent Keyword
The uricontent keyword is similar to the content keyword except that it is used to
look for a string only in the URI part of a packet.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved