Snort mailing list archives
Re: gamancio () weg com br - Bayesian Filter detected spam - RE: need help understanding the "flow:" keyword
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 07 Jan 2005 14:31:41 -0600
On Wed, 2005-01-05 at 13:46 -0500, Miner, Jonathan W (CSC) (US SSA) wrote:
I am running 2.3RC2... I upgraded to that yesterday. It appears that none of the flow sigs fire.
Another thing to check is the stream4 and stream4_reassembly preprocessors. Make sure they are enabled. I highly recommend to use "ports all" on the reassembler. My options: preprocessor stream4: disable_evasion_alerts preprocessor stream4_reassemble: both, noalerts, ports all See if that makes a difference. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- Re: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- <Possible follow-ups>
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- Re: gamancio () weg com br - Bayesian Filter detected spam - RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 07)
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE:need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 11)