On Mon, 2003-03-24 at 12:37, Gianni Tedesco wrote: > On Fri, 2003-03-21 at 16:25, rmkml wrote: > > ok join tcpdump. > > first session not view with firestorm/prelude, > > second session view with all firestorm/prelude/snort. > > OK, I can now confirm that this is a bug. I will look in to it and post > a patch as soon as I have one. Hmm, it seems I jumped the gun. With latest firestorm from cvs, with HOME_NET and EXTERNAL_NET set to 'any' the default ruleset triggers on this just fine: 1048263639.030696 alert=sig.tcp sig=255.6 priority=2 src=192.168.1.2 dst=193.252.19.2 proto=6 spt=34914 dpt=53 flags=***PA*** from=client server=ESTABLISHED client=ESTABLISHED : DNS zone transfer Not sure why this ever would have failed... -- // Gianni Tedesco (gianni at scaramanga dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D
Attachment:
signature.asc
Description: This is a digitally signed message part