Re: flow_depth

[Bamm Visscher <bamm.visscher () gmail com>]

processor http_ prinspect_server: server default \
profile all ports { 80 8080 8180 } oversize_dir_length 500 flow_depth 0

Be aware that setting flow_depth to 0 can have a serious performance
impact on your sensor.

Bammkkkk

On 12/30/05, Ron Jenkins <rjenkins () dibr net> wrote:
> What would be the new line for flow_depth 0
>
>
>
> eprocessor http_ prinspect_server: server default \
>
>     profile all ports { 80 8080 8180 } oversize_dir_length 500
>
>
>
> #
>
> #  Example unique server configuration
>
> #
>
> #preprocessor http_inspect_server: server 1.1.1.1 \
>
> #    ports { 80 3128 8080 } \
>
> #    flow_depth 0 \
>
> #    ascii no \
>
> #    double_decode yes \
>
> #    non_rfc_char { 0x00 } \
>
> #    chunk_length 500000 \
>
> #    non_strict \
>
> #    oversize_dir_length 300 \
>
> #    no_alerts
>
>
>
>
>
> Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA)
>  Senior Architect
>  Data Integrity, LLC
>  "We Integrate People with Solutions"
>  1724 Dallas Drive
>  Suite 11
>  Baton Rouge, La 70806
>  Office. 225.927.8030
>  Fax. 225.927.8033
>  Cell225.931.1632
>
> Email. rjenkins () dibr net
>  Web. http://www.dibr.net
>
> (Aanval Reseller and Technology Partner)
>
> http://www.aanval.com/tour/dibr


--
sguil - The Analyst Console for NSM
http://sguil.sf.net


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users