Snort mailing list archives
Re: flow_depth
From: Bamm Visscher <bamm.visscher () gmail com>
Date: Sat, 31 Dec 2005 09:05:48 -0700
processor http_ prinspect_server: server default \ profile all ports { 80 8080 8180 } oversize_dir_length 500 flow_depth 0 Be aware that setting flow_depth to 0 can have a serious performance impact on your sensor. Bammkkkk On 12/30/05, Ron Jenkins <rjenkins () dibr net> wrote:
What would be the new line for flow_depth 0 eprocessor http_ prinspect_server: server default \ profile all ports { 80 8080 8180 } oversize_dir_length 500 # # Example unique server configuration # #preprocessor http_inspect_server: server 1.1.1.1 \ # ports { 80 3128 8080 } \ # flow_depth 0 \ # ascii no \ # double_decode yes \ # non_rfc_char { 0x00 } \ # chunk_length 500000 \ # non_strict \ # oversize_dir_length 300 \ # no_alerts Ron Jenkins (SnortCP, MCNE, CNE6, MCP, CCNA, CCEA) Senior Architect Data Integrity, LLC "We Integrate People with Solutions" 1724 Dallas Drive Suite 11 Baton Rouge, La 70806 Office. 225.927.8030 Fax. 225.927.8033 Cell225.931.1632 Email. rjenkins () dibr net Web. http://www.dibr.net (Aanval Reseller and Technology Partner) http://www.aanval.com/tour/dibr
-- sguil - The Analyst Console for NSM http://sguil.sf.net ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id865&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- flow_depth Ron Jenkins (Dec 30)
- Re: flow_depth Bamm Visscher (Dec 31)