Snort mailing list archives
Re: snort DCE/RPC reassemble_threshold
From: Ryan Jordan <ryan.jordan () sourcefire com>
Date: Tue, 21 Dec 2010 12:14:32 -0500
Hi Larry,

The README.dcerpc that you linked was tied to the old dcerpc preprocessor, which we removed in Snort 2.9.0. We replaced it with dcerpc2 a couple years ago, whose README you can find here: http://cvs.snort.org/viewcvs.cgi/snort/doc/README.dcerpc2
From the README:
reassemble_threshold

    Specifies a minimum number of bytes in the DCE/RPC desegmentation and defragmentation buffers before creating a reassembly packet to send to the detection engine. This option is useful in inline mode so as to potentially catch an exploit early before full defragmentation is done. A value of 0 supplied as an argument to this option will, in effect, disable this option. Default is disabled.

-Ryan

On Tue, Dec 21, 2010 at 12:04 PM, Lawrence R. Hughes, Sr. <lhughes () safemedia com> wrote:
Hi,

The default snort.conf file has:

preprocessor dcerpc2: reassemble_threshold

yet when looking at the Snort manual, reassemble_threshold is never mentioned; also, the README.dcerpc does not mention it. What is it and what does it do?

Thanks,
Larry

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
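The effect the README excerpt describes, as an added example that is not part of the original messages or of Snort's code: a simplified Python model comparing when a pattern split across DCE/RPC fragments first reaches detection with the option disabled (0) and with a non-zero threshold. Assumptions: the function names, marker and fragment sizes are constructed, and the model builds a reassembly packet each time a fragment leaves at least `threshold` bytes in the buffer.

```python
# Simplified model of the README's description; NOT Snort's dcerpc2 code.
from typing import Iterable, List, Optional, Tuple


def reassemble(fragments: Iterable[bytes], threshold: int = 0) -> List[Tuple[int, bytes]]:
    """Return (fragment_index, buffer) for each reassembly handed to detection.

    threshold == 0 models the default (option disabled): only the fully
    defragmented request is inspected. Assumption: with a non-zero threshold,
    a reassembly packet is built whenever a fragment leaves at least
    `threshold` bytes in the buffer.
    """
    frags = list(fragments)
    buf = bytearray()
    emitted = []
    for i, frag in enumerate(frags):
        buf += frag
        is_last = i == len(frags) - 1
        is_early = threshold > 0 and len(buf) >= threshold
        if is_last or is_early:
            emitted.append((i, bytes(buf)))
    return emitted


def first_detection(fragments: Iterable[bytes], pattern: bytes,
                    threshold: int = 0) -> Optional[int]:
    """Index of the fragment at which `pattern` first becomes visible."""
    for idx, data in reassemble(fragments, threshold):
        if pattern in data:
            return idx
    return None


# Constructed sample: four 100-byte fragments; the marker straddles
# fragments 0 and 1, so no single fragment contains it.
MARKER = b"CONSTRUCTED-MARKER"
FRAGS = [
    b"A" * 91 + MARKER[:9],
    MARKER[9:] + b"B" * 91,
    b"C" * 100,
    b"D" * 100,
]

if __name__ == "__main__":
    print("disabled     :", first_detection(FRAGS, MARKER, threshold=0))
    print("threshold 150:", first_detection(FRAGS, MARKER, threshold=150))
```

In this model an inline sensor with the threshold set can act two fragments before the request completes, at the cost of building and inspecting more reassembly packets.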
Current thread:
- snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)
- Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)
- Re: snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)
- Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)
- Re: snort DCE/RPC reassemble_threshold Lawrence R. Hughes, Sr. (Dec 21)
- Re: snort DCE/RPC reassemble_threshold Ryan Jordan (Dec 21)