Snort mailing list archives

RE: Snot based attacks and the -z est option.


From: "larosa, vjay" <larosa_vjay () emc com>
Date: Fri, 26 Apr 2002 11:59:44 -0400

Alright Chris, now I feel like an A$#. The alerts I have been looking at
were all from an old log file. I did not have an output plugin turned on to
log any text, only binary files. So now when I run the test with snot again,
with and without the -z est option, it seems to be working correctly. I am
not picking up any TCP-based events when using the -z est option. By the
way, you still have not told me if I am correct in my understanding of the
whole -z est concept.

vjl

-----Original Message-----
From: Chris Green [mailto:cmg () sourcefire com]
Sent: Friday, April 26, 2002 11:41 AM
To: larosa, vjay
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Snot based attacks and the -z est option.


"larosa, vjay" <larosa_vjay () emc com> writes:

> When I use the -z est I would expect to not see any faked TCP
> events.

What are the TCP events you are seeing?

-- 
Chris Green <cmg () sourcefire com>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod
