Snort mailing list archives
Re: Snot based attacks and the -z est option.
From: counter.spy () gmx de
Date: Fri, 26 Apr 2002 17:18:19 +0200 (MEST)
Chris,
counter.spy () gmx de writes:Yep, I that's what I thought, too.When I use -z est, the only alerts I get are from stream4 & from spp_portscan
Version 1.8.7beta1 (Build 113) What alerts are you seing? -- Chris Green <cmg () sourcefire com> Fame may be fleeting but obscurity is forever.
You are right. I have retested with 1.8.6 and the only alerts I am seeing are various portscans. But this was not so in 1.8.4. BTW: Any idea, why my snort 1.8.6 still doesn't alert on "normal" portscans? (view my previous post) I only see Vecna scan, Null Scan, Fin Scan, Syn Fin and those stuff, but not the vanilla spp_portscan. Thanks, Detmar -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snot based attacks and the -z est option. larosa, vjay (Apr 24)
- <Possible follow-ups>
- FW: Snot based attacks and the -z est option. larosa, vjay (Apr 25)
- RE: Snot based attacks and the -z est option. counter . spy (Apr 25)
- Re: Snot based attacks and the -z est option. Chris Green (Apr 26)
- Re: Snot based attacks and the -z est option. counter . spy (Apr 26)
- Re: Snot based attacks and the -z est option. Chris Green (Apr 26)
- Re: Snot based attacks and the -z est option. Chris Green (Apr 26)
- RE: Snot based attacks and the -z est option. larosa, vjay (Apr 25)
- RE: Snot based attacks and the -z est option. larosa, vjay (Apr 26)
- Re: Snot based attacks and the -z est option. Chris Green (Apr 26)
- RE: Snot based attacks and the -z est option. larosa, vjay (Apr 26)
- RE: Snot based attacks and the -z est option. larosa, vjay (Apr 26)