Re: How can I configure ssh preprocessor??

[Olaf Schreck <chakl () syscall de>]

> > BTW, the most obvious fix would be to remove "enable_protomismatch", no?
> Yes, it is the most obvious .. but If one host is compromised, what to
> do then??

I doubt that this particular rule will help in that case.  Given the 
false positives here for some known-good connections, I've chosen 
"suppress ... by_src $PROBLEM_IPS" to drop these falses locally, rather 
than messing with the preprocessor config.

YMMV

ciao,
chakl

------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users