[Snort-users] Snot based attacks and the -z est option.
larosa_vjay at ...3331...
Fri Apr 26 09:04:09 EDT 2002
Maybe that is why I was originally having trouble, I started out with 1.8.4,
and when I had trouble
with -z est, I upgraded to 1.8.6 and moved on to some other tests, (That's
when I changed over
to the binary output method and forgot to switch back for the snot testing).
From: Chris Green [mailto:cmg at ...1935...]
Sent: Friday, April 26, 2002 11:39 AM
To: counter.spy at ...348...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snot based attacks and the -z est option.
counter.spy at ...348... writes:
> You are right. I have retested with 1.8.6 and the only alerts I am
> seeing are various portscans. But this was not so in 1.8.4.
1.8.4 was never officially released :-)
> BTW: Any idea, why my snort 1.8.6 still doesn't alert on "normal"
> portscans? (view my previous post) I only see Vecna scan, Null
> Scan, Fin Scan, Syn Fin and those stuff, but not the vanilla
No idea. It's on the TODO list to replace.
Chris Green <cmg at ...1935...>
Fame may be fleeting but obscurity is forever.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users