IDS mailing list archives
Re: Snort 2.8.0.1 and No TCP Alerts.
From: Stefano Zanero <zanero () elet polimi it>
Date: Sat, 19 Jan 2008 16:01:17 +0100
lkgh04 () gmail com wrote:
I setup Snort 2.8.0.1 on debian 4.0. Everything seems fine except it doesn't alerts any TCP alerts. It sees all icmp traffics and logs all alerts but none of TCP alerts. I used Idswakeup to test these rules and none of alerts are firing. In snort forum, there was one thread related to this type of trouble with 2.6 version. I tested with -k none options and it didn't help me out.
IDSWakeup is stateless. Snort 2.8 probably ignores the out-of-state packets it is producing. Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Snort 2.8.0.1 and No TCP Alerts. lkgh04 (Jan 18)
- Re: Snort 2.8.0.1 and No TCP Alerts. Stefano Zanero (Jan 21)
- Re: Snort 2.8.0.1 and No TCP Alerts. Andrea Barisani (Jan 21)
- Re: Snort 2.8.0.1 and No TCP Alerts. Stefano Zanero (Jan 21)