Snort mailing list archives
Re: Snot attacks and -z est option - regarding FAQ 1.9
From: Andrea Barisani <lcars () infis univ trieste it>
Date: Mon, 25 Mar 2002 15:23:33 +0100
Hi,

On Mon, Mar 25, 2002 at 02:44:30PM +0100, counter.spy () gmx de wrote:
Another question: I have performed some testing with snot-0.92a attacks against snort during the last few weeks. Another issue is that I tried to reduce the alerts that were caused by snot by using the -z est option. That idea was based on my assumption that snot causes many fake connections, i.e. no real connections are established. This did not help, I still got most of the alerts.
I've done some testing too with my 'Firewall Tester' and I've found that with the -z est option snort never issues an alert on unrelated packets. Maybe the alerts you are seeing are generated by SYN packets and not ACK+ ones.

Bye

INFIS Network Administrator & Security Officer
Department of Physics - University of Trieste
lcars () infis univ trieste it - PGP Key 0x8E21FE82
"How would you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."