[Snort-users] Re: [Snort-devel] snort stateful inspection testing

Michael Scheidell scheidell at ...5171...
Thu Mar 21 13:13:58 EST 2002


> 
> Now without the '-z' options the alert is obviously triggered but 
> with -z est the alert is triggered only the first time I simulate
> the connection! The second time, with different random sequence 
> numbers, snort is silent, and so on until I restart the process.

if memory serves me, the -zest option is supposed to block a DOS attack
(caused by multiple spoofed ip connections)

so, -zest worked?
you forged a tcp connection, and snort only alerted on the first one?

> "You must be,'said the Cat,'or you wouldn't have come here."

-- 
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...5171...
http://www.secnap.net/





More information about the Snort-users mailing list