[Snort-users] Snot based attacks and the -z est option.

larosa, vjay larosa_vjay at ...3331...
Fri Apr 26 09:04:09 EDT 2002


Maybe that is why I was originally having trouble, I started out with 1.8.4,
and when I had trouble 
with -z est, I upgraded to 1.8.6 and moved on to some other tests, (That's
when I changed over
to the binary output method and forgot to switch back for the snot testing).


vjl

-----Original Message-----
From: Chris Green [mailto:cmg at ...1935...]
Sent: Friday, April 26, 2002 11:39 AM
To: counter.spy at ...348...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snot based attacks and the -z est option.


counter.spy at ...348... writes:

> You are right. I have retested with 1.8.6 and the only alerts I am
> seeing are various portscans. But this was not so in 1.8.4.

1.8.4 was never officially released :-)

>
> BTW: Any idea, why my snort 1.8.6 still doesn't alert on "normal"
> portscans?  (view my previous post) I only see Vecna scan, Null
> Scan, Fin Scan, Syn Fin and those stuff, but not the vanilla
> spp_portscan.

No idea. It's on the TODO list to replace.
-- 
Chris Green <cmg at ...1935...>
Fame may be fleeting but obscurity is forever.


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list