Snort mailing list archives
controlling open sessions
From: "Lawrence R. Hughes, Sr." <lhughes () safemedia com>
Date: Fri, 7 Jan 2011 12:37:37 -0500
Hi, We have too many open sessions for 2.8.6.1, is there a way to controll them via snort.conf? Here is a snippet of our stream5 config (notice the aggressive pruning we are doing): # Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5 preprocessor stream5_global: memcap 1073741824, max_tcp 1048576, track_tcp yes, max_udp 131072, track_udp yes, track_icmp no, flush_on_alert yes preprocessor stream5_tcp: policy linux, use_static_footprint_sizes, max_queued_bytes 4194304, max_queued_segs 5242, \ # overlap_limit 4, small_segments 3 bytes 150, \ timeout 30, dont_store_large_packets, dont_reassemble_async, require_3whs 5, \ ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \ 161 445 513 514 587 593 691 1433 1521 2100 3306 6665 6666 6667 6668 6669 \ 7000 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \ ports both 80 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 2301 2381 2809 3128 3702 6907 7702 7777 7779 \ 7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \ 7917 7918 7919 7920 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371 preprocessor stream5_udp: timeout 30 Thanks, Larry
------------------------------------------------------------------------------ Gaining the trust of online customers is vital for the success of any company that requires sensitive data to be transmitted over the Web. Learn how to best implement a security strategy that keeps consumers' information secure and instills the confidence they need to proceed with transactions. http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
- Re: controlling open sessions Russ Combs (Jan 07)
- Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
- Re: controlling open sessions Russ Combs (Jan 07)
- Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
- Re: controlling open sessions Russ Combs (Jan 07)
- Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
- Re: controlling open sessions Russ Combs (Jan 07)
- Re: controlling open sessions Jason Wallace (Jan 07)
- Re: controlling open sessions Joel Esler (Jan 08)
- Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 10)
- Re: controlling open sessions Lawrence R. Hughes, Sr. (Jan 07)
- Re: controlling open sessions Russ Combs (Jan 07)