Snort mailing list archives

Re: Snort 1.8.7b6 not listen to BPF filters


From: Michael Scheidell <scheidell () secnap net>
Date: Fri, 19 Jul 2002 16:58:42 -0400 (EDT)

no alert is generated (which should probably be regarded as correct).

What do you think?
What happens if you run without -z?

Well, I don't like it if it did work with -z

It worked fine at snort 1.8.5 (was that during '-z est' days?)

Besides, -zest checks for flags, right? Why would that affect flags?

-z took care of it

'not src host' did nothing, so:

Option A)
leave out the -z option and get flooded, DoSed by spoofed alerts

Option B)
leave out the BPF filters and get flooded by internal traffic on that specific
IP (10.1.1.10), which CANNOT BE FILTERED OUT with a 'pass any any' rule, since
some of the 'noise' triggers other preprocessors.


Can someone at Snort look at the code tree, circa the -zest time frame, and see
if they modified something?


-- 
Michael Scheidell
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Positions available see http://www.secnap.net/employment/
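To make concrete what the capture filter in this thread is supposed to do, here is an added example (not code from Snort, libpcap, or the poster): a small evaluator for the subset of BPF/tcpdump filter syntax used above ('host', 'src host', 'dst host', 'not', 'and', 'or', parentheses), run over a constructed list of (src, dst) address pairs. It shows the difference that matters for the poster's case: 'not src host 10.1.1.10' only drops packets *from* the noisy host, while replies *to* it still reach the sniffer; 'not host 10.1.1.10' drops both directions. The sample packets are made up for the illustration.

```python
"""Minimal evaluator for the subset of BPF/tcpdump filter syntax used in
the thread.  Example code added to this archived message; it is not Snort
or libpcap code and only models which packets such a capture filter should
keep, against constructed (src, dst) pairs."""

import re

# Constructed sample traffic (not captured data): (src, dst) address pairs.
SAMPLE_PACKETS = [
    ("10.1.1.10", "10.1.1.50"),   # noisy internal host sending out
    ("10.1.1.50", "10.1.1.10"),   # reply traffic *to* the noisy host
    ("192.0.2.7", "10.1.1.50"),   # external source
    ("10.1.1.10", "192.0.2.7"),   # noisy host talking outbound
]

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")

def tokenize(expr):
    # Parentheses become their own tokens even when glued to a word.
    return TOKEN_RE.findall(expr.lower())

class Parser:
    """Recursive-descent parser; precedence: not > and > or, as in pcap."""
    def __init__(self, tokens):
        self.toks = tokens
        self.pos = 0
    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None
    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok
    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError("trailing tokens: %r" % self.toks[self.pos:])
        return node
    def parse_or(self):
        left = self.parse_and()
        while self.peek() == "or":
            self.take()
            left = ("or", left, self.parse_and())
        return left
    def parse_and(self):
        left = self.parse_not()
        while self.peek() == "and":
            self.take()
            left = ("and", left, self.parse_not())
        return left
    def parse_not(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.parse_not())
        return self.parse_primary()
    def parse_primary(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return node
        direction = "either"          # bare 'host X' matches src or dst
        if tok in ("src", "dst"):
            direction = tok
            tok = self.take()
        if tok != "host":
            raise ValueError("unsupported primitive: %r" % tok)
        return ("host", direction, self.take())

def matches(node, src, dst):
    """Evaluate a parsed filter tree against one packet's addresses."""
    kind = node[0]
    if kind == "host":
        _, direction, addr = node
        if direction == "src":
            return src == addr
        if direction == "dst":
            return dst == addr
        return addr in (src, dst)
    if kind == "not":
        return not matches(node[1], src, dst)
    if kind == "and":
        return matches(node[1], src, dst) and matches(node[2], src, dst)
    if kind == "or":
        return matches(node[1], src, dst) or matches(node[2], src, dst)
    raise ValueError(kind)

def apply_filter(expr, packets):
    """Return the packets a capture filter `expr` would hand to the sniffer."""
    tree = Parser(tokenize(expr)).parse()
    return [(s, d) for (s, d) in packets if matches(tree, s, d)]

if __name__ == "__main__":
    for expr in ("not src host 10.1.1.10", "not host 10.1.1.10"):
        print(expr, "->", apply_filter(expr, SAMPLE_PACKETS))
```

If the noise is the host's replies as much as its own requests, 'not host 10.1.1.10' is the filter that actually silences it; 'not src host' still lets everything addressed to the host through, which is easy to mistake for the filter "doing nothing" when checking alert volume alone.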

