[Snort-users] Is there a problem with Linux 2.4.0?

Ryan Russell ryan at ...35...
Thu Jan 11 16:09:52 EST 2001

On Fri, 12 Jan 2001, Jason Haar wrote:

> Owch - I forgot to mention I was running snort-1.7...
> The portscanning one is easy for me to block. I should anyway as I run
> nmap/nessus from there too. But the "probe-Queso Fingerprint attempt" and
> the like would still pop up... I wonder if that rule should be changed to not
> match all new Linux systems then... :-)

I wish I could remember more details, or find the thread in the
archives... perhaps it was an update to the ruleset, rather than Snort
itself?  Or perhaps I've just misidentified the problem entirely.. but I
do recall the newer kernels were setting of IDS systems.


More information about the Snort-users mailing list