[Snort-devel] snort stateful inspection testing

Michael Scheidell scheidell at ...1197...
Sat Mar 16 07:54:03 EST 2002

> Now without the '-z' options the alert is obviously triggered but 
> with -z est the alert is triggered only the first time I simulate
> the connection! The second time, with different random sequence 
> numbers, snort is silent, and so on until I restart the process.

if memory serves me, the -zest option is supposed to block a DOS attack
(caused by multiple spoofed ip connections)

so, -zest worked?
you forged a tcp connection, and snort only alerted on the first one?

> "You must be,'said the Cat,'or you wouldn't have come here."

Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...1197...

More information about the Snort-devel mailing list