![snort logo](/images/snort-logo.png)
Snort mailing list archives
SSH Preprocessor bug?
From: <katwell80 () yahoo de>
Date: Thu, 10 Sep 2015 09:55:32 +0000 (UTC)
Hello. I was just struggling with the ssh preprocessor because of that known ssh protocol mismatch problem. I noticed, that there is a max_encrypted_packets which my config has set to 20. However last night I got a flood with protomismatch messages from snort when I had a ssh connection open. Why is this triggering at all on a long-open ssh session when the encrypt packets to check is limited to 20 after initializing the ssh connection? I disabled the rule using threshold.conf suppress option, however I still wonder why these config options in the snort.conf preprocessor section don't seem to work. Greetings ------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- SSH Preprocessor bug? katwell80 (Sep 10)
- Re: SSH Preprocessor bug? Al Lewis (allewi) (Sep 10)