![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: [Snort-devel] snort stateful inspection testing
From: Michael Scheidell <scheidell () secnap net>
Date: Sat, 16 Mar 2002 10:53:03 -0500 (EST)
Now without the '-z' options the alert is obviously triggered but with -z est the alert is triggered only the first time I simulate the connection! The second time, with different random sequence numbers, snort is silent, and so on until I restart the process.
if memory serves me, the -zest option is supposed to block a DOS attack (caused by multiple spoofed ip connections) so, -zest worked? you forged a tcp connection, and snort only alerted on the first one?
"You must be,'said the Cat,'or you wouldn't have come here."
-- Michael Scheidell SECNAP Network Security, LLC (561) 368-9561 scheidell () secnap net http://www.secnap.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort stateful inspection testing Andrea Barisani (Mar 16)
- Ignore portscan from dynamic IP Dan McIntosh (Mar 16)
- Message not available
- Re: [Snort-devel] snort stateful inspection testing Andrea Barisani (Mar 17)
- Re: [Snort-devel] snort stateful inspection testing Michael Scheidell (Mar 21)
- Re: [Snort-devel] snort stateful inspection testing Andrea Barisani (Mar 17)