bad0268e82
is considered "suspicious" with the actual TTL of a test packet sent to that host, to try and detect packet spoofing. It is intended to be used as part of an IDS system.
8 lines
322 B
Plaintext
8 lines
322 B
Plaintext
A command-line anti-spoofing detection utility. The idea is simple --
|
|
if you receive a packet that you suspect is spoofed, try to determine
|
|
the real TTL of the packet and compare it to the TTL of the packet you
|
|
received. This is intended to be used as a component of an IDS
|
|
toolkit.
|
|
|
|
WWW: http://razor.bindview.com/tools/
|