Snort mailing list archives

RE: Snot based attacks and the -z est option.


From: "larosa, vjay" <larosa_vjay () emc com>
Date: Fri, 26 Apr 2002 12:03:09 -0400

Maybe that is why I was originally having trouble. I started out with
1.8.4, and when I had trouble with -z est, I upgraded to 1.8.6 and moved
on to some other tests. (That's when I changed over to the binary output
method and forgot to switch back for the snot testing.)


vjl

-----Original Message-----
From: Chris Green [mailto:cmg () sourcefire com]
Sent: Friday, April 26, 2002 11:39 AM
To: counter.spy () gmx de
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snot based attacks and the -z est option.


counter.spy () gmx de writes:

> You are right. I have retested with 1.8.6 and the only alerts I am
> seeing are various portscans. But this was not so in 1.8.4.

1.8.4 was never officially released :-)


> BTW: Any idea why my snort 1.8.6 still doesn't alert on "normal"
> portscans?  (view my previous post) I only see Vecna scan, Null
> Scan, Fin Scan, Syn Fin and that stuff, but not the vanilla
> spp_portscan.

No idea. It's on the TODO list to replace.
-- 
Chris Green <cmg () sourcefire com>
Fame may be fleeting but obscurity is forever.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
