[Snort-users] -z option

Martin Roesch roesch at ...1935...
Wed Aug 11 13:26:08 EDT 2004


Hi Joel,

I originally implemented the -z mode to get Snort to ignore 
stick/snot/etc attacks by only alerting on TCP events if the session 
had been established first.  It's probably superfluous at this point 
since we have the flow keywords available for the rules language now.  
In fact, we'll probably pull it out after 2.2 goes out the door...

      -Marty

On Aug 6, 2004, at 8:55 AM, Esler, Joel - Contractor wrote:

> I'd like to hear from a sourcefire/devel person, or from people who have
> lots of experience with Snort.  I'd like to hear what advantages the -z
> option gives you (I mean, I know what it does, but I wanna hear from
> experience)
>
> J
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
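
An added illustration, not part of the original message and not Snort's own code, of the behaviour described in the reply above: alerting on TCP traffic only once the session's three-way handshake has been seen, which is what the `flow:established` rule option now expresses per rule. The packet model, the signature string and the addresses are constructed for this example.

```python
# Simplified model of "alert only on established TCP sessions" (constructed example).
from dataclasses import dataclass

SIGNATURE = b"/cgi-bin/phf"   # constructed stand-in for a rule's content match

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                # "S", "SA", "A", "PA", "FA", "R", ...
    payload: bytes = b""

def stateless_alerts(packets):
    """Alert on every matching payload, with no session context."""
    return [p for p in packets if SIGNATURE in p.payload]

def established_only_alerts(packets):
    """Alert only when the match occurs in a session whose handshake was observed."""
    state = {}                # (client, cport, server, sport) -> handshake stage
    alerts = []
    for p in packets:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":
            state[fwd] = "SYN_SENT"
        elif p.flags == "SA" and state.get(rev) == "SYN_SENT":
            state[rev] = "SYN_RCVD"
        elif "A" in p.flags and state.get(fwd) == "SYN_RCVD":
            state[fwd] = "ESTABLISHED"
        key = fwd if fwd in state else rev
        if SIGNATURE in p.payload and state.get(key) == "ESTABLISHED":
            alerts.append(p)
        if "R" in p.flags or "F" in p.flags:      # teardown ends tracking
            state.pop(key, None)
    return alerts

# Constructed traffic: one real session plus three lone packets that carry the
# signature without any handshake, as a stateless alert-flooding tool would send.
C, S = "10.0.0.5", "10.0.0.80"
SAMPLE = [
    Pkt("192.0.2.11", 1111, S, 80, "PA", b"GET /cgi-bin/phf"),
    Pkt(C, 40000, S, 80, "S"),
    Pkt(S, 80, C, 40000, "SA"),
    Pkt(C, 40000, S, 80, "A"),
    Pkt("192.0.2.12", 2222, S, 80, "PA", b"GET /cgi-bin/phf"),
    Pkt(C, 40000, S, 80, "PA", b"GET /cgi-bin/phf?Qalias=x"),
    Pkt("192.0.2.13", 3333, S, 80, "PA", b"GET /cgi-bin/phf"),
]
```

On the sample traffic the stateless matcher raises four alerts, while the established-only matcher raises one, for the session that actually completed a handshake.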




