Custom Signatures
The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.
cancel
Showing results for 
Search instead for 
Did you mean: 

Discussions

How to make custom signature with segment field?

Recently, URL filter evasion application often use tcp segment field.

How to make custom application with tcp segment field?

 

Protocol sequence.

1. SYN 

2. SYN,ACK

3. ACK

4. PSH,ACK : TCP segment data has GET / HTTP/1.1

 

 

 

It can bypass our URL

...

dodgechrome_tcp_segment.png
bkim by L0 Member
  • 2872 Views
  • 2 replies
  • 0 Likes
Labels
  • dodge chrome 1