policy <type> - Select a target-based defragmentation mode. Available
types are first, last, bsd, bsd-right, linux, windows
and solaris. Default type is bsd.
The Paxson Active Mapping paper introduced the terminology
frag3 is using to describe policy types. It has been
extended to address differences between a true "first"
policy and how Windows and Solaris platforms handle
fragmented traffic. The known mappings are as follows.
Anyone who develops more mappings and would like to add
to this list please feel free to send us an email!
Platform | Type
---------------
AIX 2 | BSD
AIX 4.3 8.9.3 | BSD
Cisco IOS | Last
FreeBSD | BSD
HP JetDirect (printer) | BSD-right
HP-UX B.10.20 | BSD
HP-UX 11.00 | First
IRIX 4.0.5F | BSD
IRIX 6.2 | BSD
IRIX 6.3 | BSD
IRIX64 6.4 | BSD
Linux 2.2.10 | linux
Linux 2.2.14-5.0 | linux
Linux 2.2.16-3 | linux
Linux 2.2.19-6.2.10smp | linux
Linux 2.4.7-10 | linux
Linux 2.4.9-31SGI 1.0.2smp | linux
Linux 2.4 (RedHat 7.1-7.3) | linux
MacOS (version unknown) | First
NCD Thin Clients | BSD
OpenBSD (version unknown) | linux
OpenBSD (version unknown) | linux
OpenVMS 7.1 | BSD
OS/2 (version unknown) | BSD
OSF1 V3.0 | BSD
OSF1 V3.2 | BSD
OSF1 V4.0,5.0,5.1 | BSD
SunOS 4.1.4 | BSD
SunOS 5.5.1,5.6,5.7,5.8 | First
Solaris 9, Solaris 10 | Solaris
Tru64 Unix V5.0A,V5.1 | BSD
Vax/VMS | BSD
Windows (95/98/NT4/W2K/XP) | Windows
For example:
preprocessor frag3_engine: policy linux bind_to 192.168.1.0/24
preprocessor frag3_engine: policy first bind_to [10.1.47.0/24,172.16.8.0/24]
preprocessor frag3_engine: policy last detect_anomalies
The explanation is:
Note in the advanced example, there are three engines specified running with
linux, first and last policies assigned. The first two engines are bound to
specific IP address ranges and the last one applies to all other traffic,
packets that don't fall within the address requirements of the first two engines
automatically fall through to the third one.
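But I don't understand this at all.
What exactly does policy specify? Is it chosen according to the operating system of the host at the destination address of the network packet?
I also have two more questions:
1. How do I configure frag3 so that it reassembles fragments for all IP packets?
2. How can I verify that the packets Snort processes have really been reassembled for me? I can't find a way to verify this.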
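
An added example, not part of the original post and not Snort's own code: a toy model of the three engines quoted above, showing why the policy has to match the receiving host. It assumes, as "target-based" implies, that an engine is picked by the packet's destination address; `select_policy`, `reassemble` and the sample fragments are hypothetical names and constructed data, and only the `first` and `last` policies are modelled.

```python
import ipaddress

# The three engines from the post's frag3_engine lines, in configuration order.
# None means no bind_to, i.e. the engine that takes all remaining traffic.
ENGINES = [
    ("linux", ["192.168.1.0/24"]),
    ("first", ["10.1.47.0/24", "172.16.8.0/24"]),
    ("last", None),
]

def select_policy(dst_ip, engines=ENGINES):
    """Policy of the first engine whose bind_to covers dst_ip (assumed: destination-based)."""
    addr = ipaddress.ip_address(dst_ip)
    for policy, nets in engines:
        if nets is None or any(addr in ipaddress.ip_network(n) for n in nets):
            return policy
    return None

def reassemble(fragments, policy):
    """Toy model: fragments are (byte_offset, data) tuples in arrival order."""
    if policy not in ("first", "last"):
        raise ValueError("only 'first' and 'last' are modelled in this sketch")
    buf = {}
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            # first: bytes already received win; last: newest bytes win
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    if sorted(buf) != list(range(len(buf))):
        raise ValueError("datagram has a hole, cannot reassemble")
    return bytes(buf[i] for i in range(len(buf)))

# Constructed sample: the third fragment overlaps bytes 4..11 of the first two.
FRAGS = [(0, b"AAAAAAAA"), (8, b"BBBBBBBB"), (4, b"CCCCCCCC")]

if __name__ == "__main__":
    for dst in ("10.1.47.9", "203.0.113.7"):
        policy = select_policy(dst)
        print(dst, policy, reassemble(FRAGS, policy))
```

The same three fragments produce two different payloads, so the sensor only inspects what the host actually sees when its policy matches that host's IP stack.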