Snort mailing list archives
Snort Preprocessor Option Delimiters
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 16 Jul 2002 13:42:33 -0400
I've run across some strange behavior for a Win32 version of Snort 1.86. The comments in snort.conf indicate that the stream4 and stream4_reassemble preprocessors use comma-delimited options. But when I use the following statement in snort.conf:

    preprocessor stream4_reassemble: clientonly, ports "default"

Snort indicates that no ports are being monitored. Instead, I have to use:

    preprocessor stream4_reassemble: clientonly ports "default"

However, if I do the same thing for the stream4 preprocessor:

    preprocessor stream4: disable_evasion_alerts detect_scans

the detect_scans option shows as disabled when Snort starts, so I have to use a comma to separate these options.

So, which *should* it be? Comma-delimited or not? Is this a bug?

Also, does anyone know if the "disable_evasion_alerts" option is enabled by default? The start-up messages displayed by Snort do not seem to change whether I use this option or not in snort.conf.

Sincerely,

L. Christopher Luther
Technical Consultant
Xybernaut Solutions, Inc.
(703) 506-0400 x230
cluther () xybernaut com
http://www.xybernautsolutions.com

My PGP Public Key:
http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88