[Snort-users] spp_defrag.c beta 14

Baoqing Ye baoqing at ...115...
Tue Jul 25 22:13:54 EDT 2000


  I've tested the spp_defrag.c, it works great so far. (RH Linux, kernel
2.2.14). Thanks Dragos.

  BTW, it seems the snort doesn't work for the interface "lo".  I have to use
the interface eth0  in order to see the alert (which means I have to run the
simulation testing from two physically separate machines). Hopefully I am not
missing something here.
   Well, from real ID perspective, "lo" might not be worth to be listened. but
from the testing perspective it might  make life easier if lo is listened as
well, -- say. I might just want to give  a quick testing while I have only one
machine by hand.    Just a thought.

-Baoqing







More information about the Snort-users mailing list