Snort mailing list archives
Re: How can I configure ssh preprocessor??
From: Olaf Schreck <chakl () syscall de>
Date: Wed, 30 Mar 2011 19:30:13 +0200
BTW, the most obvious fix would be to remove "enable_protomismatch", no?Yes, it is the most obvious .. but If one host is compromised, what to do then??
I doubt that this particular rule will help in that case. Given the false positives here for some known-good connections, I've chosen "suppress ... by_src $PROBLEM_IPS" to drop these falses locally, rather than messing with the preprocessor config. YMMV ciao, chakl ------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How can I configure ssh preprocessor?? carlopmart (Mar 30)
- Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)
- Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
- Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)
- Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
- Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
- Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)