03-13-2008 03:34 AM
Hi,
If i want this signature to produce alert when recieve packet size within range 2000-3000 only, i will modify the packet size length for this range. My question is it need to make this value as 2000-3000 or there is an offsec i should keep it on my mind (24 bytes) so the value should be 1986-3204. please advice ???
Thanks
03-19-2008 09:23 AM
There is no such thing called as offsec . Always large range [1986-3204] would help in better scanning and analyzing the network.
06-11-2008 08:27 PM
Hi,
Hope fine. Can you pls tell me how can I mitigate Large_ICMP Alert in my firewall. What would be the best suited mitigation process/ work around to solve this.
Thanks
adnan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide