LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Snort's Flow Control options (https://www.linuxquestions.org/questions/linux-security-4/snorts-flow-control-options-183817/)

OlRoy 05-20-2004 02:52 PM
Snort's Flow Control options
 
Whats the difference between the flow control options (like to/from_server and to/from_client) and the arrow in the rule header that specifies the direction. Also what is the difference between these flow control options:

to_server and from_client
from_server and to_client
only_stream and established
no_stream and stateless

This all seems pretty redundant to me.

unSpawn 05-25-2004 03:09 PM
Whats the difference between the flow control options (...) and the arrow in the rule
Flow control is used where separate packets are stitched together to form a stream, flow. That way Snort can examine more. The "Writing Snort rules" HOWTO on Snort.org has the gory details (2.3.35 Flow).

OlRoy 05-28-2004 02:43 PM
Thanks... thats pretty cool you can make it stateful on a per rule basis. :cool:


All times are GMT -5. The time now is 12:57 AM.