[Snort-users] A question about flow:established keyword

Risto Vaarandi risto.vaarandi at ...5731...
Fri May 9 07:39:03 EDT 2003


Risto Vaarandi wrote:
>
> I ran into the same problem recently, and at least to me it looks like
> flags:A+ and established are not identical. For example, the
> difference comes out when Snort is able to observe only the incoming
> traffic, but not the outcoming. In that case flags:A+ will produce 
                        ^^^^^^^^^
that should read "outgoing", sorry for the typo :)
-r







