[Snort-users] 2.0 bug in flow:?
Jason.Haar at ...294...
Fri Aug 1 03:28:05 EDT 2003
On Thu, Jul 31, 2003 at 08:43:34PM -0400, Matt Kettler wrote:
> You shouldn't need -z to make flows work. The reason -z exists is you can
> use it to essentially add "flow: established" to every rule in the ruleset
> without having to edit them. This was probably only useful before flows
> became fairly common in the ruleset.
So after all that it does appear I have found a problem then? -
"from_server" matching on packets that are really "to_server"?
Is there any other way in which flows can be disabled that I am unaware of?
- otherwise it still looks like a bug.
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-users