Snort mailing list archives
Re: -z option
From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 11 Aug 2004 16:25:08 -0400
Hi Joel,I originally implemented the -z mode to get Snort to ignore stick/snot/etc attacks by only alerting on TCP events if the session had been established first. It's probably superfluous at this point since we have the flow keywords available for the rules language now. In fact, we'll probably pull it out after 2.2 goes out the door...
-Marty On Aug 6, 2004, at 8:55 AM, Esler, Joel - Contractor wrote:
I'd like to hear from a sourcefire/devel person, or from people who havelots of experience with Snort. I'd like to hear what advantages the -z option gives you ( I mean, I know what it does, but I wanna hear from experience) J ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,one more big change to announce. We are now OSTG- Open Source TechnologyGroup. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 Sourcefire: Intelligent Security Monitoring roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- -z option Esler, Joel - Contractor (Aug 06)
- Re: -z option Martin Roesch (Aug 11)