[Snort-users] Snort 1.8.7b6 not listen to BPF filters
scheidell at ...5171...
Fri Jul 19 14:00:03 EDT 2002
> no alert is generated (which should probably be regarded as correct).
> What do you think?
> What happens if you run without -z?
Well, I don't like it if it did work with -z
It worked fine at snort 1.8.5 (was that during '-z est' days?)
Besides, -zest checks for flags, right? Why would that affect flags?
-z took care of it
'not src host' did nothing, so:
leave out -z option and get flooded, DOSED by spoofed alerts
leave out bpf filters and get flooded by internal traffic on that specific
ip (10.1.1.10) which CANNOT BE FILTERED OUT with a pass any any rule since
some of the 'noise' triggers other preprocessors.
Can someone at snort look at the code tree, circa the -zest time frame, and see if
they modified something?
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Positions available see http://www.secnap.net/employment/