Snort mailing list archives
Re: how enable icmp snort-2.9.6.1
From: hernani <coelho.hernani () sapo pt>
Date: Mon, 16 Jun 2014 21:08:59 +0100
Em 16-06-2014 18:02, James Lay escreveu:
On 2014-06-16 10:26, hernani wrote:hello, i forgot error, WARNING: Stream5 ICMP misconfigured (policy 0). Jun 16 17:20:04 hernani snort[23563]: ERROR: Stream5 not properly configured... exiting hernani thanks Em 16-06-2014 17:07, hernani escreveu:hello, How can i enable icmp snort-2.9.6.1 i change preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp no, ------> TRACK_ICMP YES, snort not start. someone can help me? thanks hernani coelhoPer the docs: ICMP Configuration ------------------ NOTE: ICMP is currently untested, in minimal code form and is NOT ready for use in production networks. It is not turned on by default. Configuration for ICMP session tracking. Since there is no target based binding, there should be only one occurrence of the ICMP configuration. - Preprocessor name: stream5_icmp - Options: timeout <number (secs)> - Session timeout. The default is "30", the minimum is "1", and the maximum is "86400" (approximately 1 day). Add a corresponding stream5_icmp entry and see what happens. James
hello, i put preprocessor and error disappear but snort dont detect icmp. this is preprocessor portscan preprocessor sfportscan: proto { all } scan_type { all } memcap { 10000000 } sense_level { High } and this preprocessor stream5_global: track_tcp yes, \ track_udp yes, \ track_icmp yes, \ max_tcp 262144, \ max_udp 131072, \ max_active_responses 2, \ min_response_seconds 5 Preprocessor stream5_icmp: thanks hernani coelho ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- how enable icmp snort-2.9.6.1 hernani (Jun 16)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 16)
- Re: how enable icmp snort-2.9.6.1 James Lay (Jun 16)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 16)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 17)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 17)
- Re: how enable icmp snort-2.9.6.1 waldo kitty (Jun 17)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 18)
- Re: how enable icmp snort-2.9.6.1 waldo kitty (Jun 18)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 18)
- Re: how enable icmp snort-2.9.6.1 waldo kitty (Jun 18)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 19)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 19)
- Re: how enable icmp snort-2.9.6.1 waldo kitty (Jun 19)
- Re: how enable icmp snort-2.9.6.1 James Lay (Jun 16)
- Re: how enable icmp snort-2.9.6.1 hernani (Jun 16)