[Snort-users] Snort 1.8.7b6 not listen to BPF filters

Michael Scheidell scheidell at ...5171...
Fri Jul 19 14:00:03 EDT 2002

> no alert is generated (which should probably be regarded as correct).
> What do you think?
> What happens if you run without -z?

Well, I don't like it if it did work with -z

It worked fine at snort 1.8.5 (was that during '-z est' days?)

Besides, -zest checks for flags, right? Why would that affect flags?

-z took care of it

'not src host' did nothing, so:

Option A)
leave out -z option and get flooded, DOSED by spoofed alerts

Option B)
leave out bpf filters and get flooded by internal traffic on that specific
IP (which CANNOT BE FILTERED OUT with a pass any any rule since
some of the 'noise' triggers other preprocessors).

Can someone at snort look at code tree, cir: -zest time frame and see if
they modified something?

Michael Scheidell
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Positions available see http://www.secnap.net/employment/
