Snort mailing list archives
Re: spp_stream4 preprocessor problem
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 26 Jul 2001 11:38:45 -0400
If you update to the 1.8.1-beta5 code, Snort has been changed so that you have to explicitly turn on TCP state violation alerts. It turns out that not all IP stacks are created equal and they quite frequently do things that are considered "bad". Beta5 is available at http://www.snort.org/files/snort-1.8.1-beta5.tar.gz

-Marty

tdangler () linuxisland com wrote:
> Hello all,
>
> Just got a quick question here. First some info. I'm running snort-1.8 and it is started with:
>
> snort -u snort -g snort -d -D -z est -i eth0 -c snort.conf
>
> There is a web server running on this machine. In my messages file I get several of the below listed spp_stream4 messages. Is this normal, or is there a way to not log these messages? Any help would be much appreciated.
>
> TD
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Jul 25 18:02:19 mail snort: spp_stream4: Possible RETRANSMISSION detection: 64.111.152.169:61206 -> xxx.xxx.xxx.xxx:80
--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_stream4 preprocessor problem tdangler (Jul 26)
- Re: spp_stream4 preprocessor problem Martin Roesch (Jul 26)