Snort mailing list archives
Re: inconsistency docu vs. snort.conf
From: Marcin Dulak <marcin.dulak () gmail com>
Date: Wed, 25 Jan 2017 12:53:31 +0100
Hi, I think there are more inconsistencies, e.g. small_segments is not 0 as stated in https://www.snort.org/faq/readme-stream5 It has been reported at https://www.reddit.com/r/netsecstudents/comments/5dns4l/creating_content_snort_rules/ so the inconsistency was probably already present in Snort 2.9.8.3, or maybe even longer Marcin On Wed, Jan 25, 2017 at 12:18 PM, Felix Erlacher <felix.erlacher () uibk ac at> wrote:
Hi all, I think I just found an inconsistency between the official documentation and the example snort.conf file. In the current documentation for Snort 2.9.9 (dated November 14) available on the snort.org webpage it says on page 46 for the preprocessor stream5_tcp option "require_3whs" --> "the default is set to off" and for the session grace period of that option "The default is ”0”". But in the sample snort.conf file in the snort 2.9.9.0 tarball as well as the one on the webpage (https://www.snort.org/configurations) the require_3whs option is enabled and the grace period set to 180 seconds. The same holds for the "detect_anomalies" option, docu says default is off, in example snort.conf it is turned on. greetings -- Felix Erlacher ------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- inconsistency docu vs. snort.conf Felix Erlacher (Jan 25)
- Re: inconsistency docu vs. snort.conf Marcin Dulak (Jan 25)
- Re: inconsistency docu vs. snort.conf Joel Esler (jesler) (Jan 25)
- Re: inconsistency docu vs. snort.conf Marcin Dulak (Jan 25)