[Snort-devel] snort stateful inspection testing
scheidell at ...1197...
Sat Mar 16 07:54:03 EST 2002
> Now without the '-z' options the alert is obviously triggered but
> with -z est the alert is triggered only the first time I simulate
> the connection! The second time, with different random sequence
> numbers, snort is silent, and so on until I restart the process.
if memory serves me, the -zest option is supposed to block a DOS attack
(caused by multiple spoofed ip connections)
so, -zest worked?
you forged a tcp connection, and snort only alerted on the first one?
> "You must be,'said the Cat,'or you wouldn't have come here."
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...1197...
More information about the Snort-devel