Snort mailing list archives

Re: Limiting the events spp_stream4: WINDOW VIOLATION


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 24 Jul 2001 09:01:09 -0400

Update to the latest beta
(http://www.snort.org/files/snort-1.8.1-beta4.tar.gz); TCP state
problems have to be explicitly turned on (option
"detect_state_problems") in the latest version.

     -Marty

Tony M wrote:

Is there any way to disable this message from the stream processor? It
is flooding my database with thousands of events.
Ideally, I would like to find a way to either limit the number of events
that will be recorded or turn just this event off.
30365  spp_stream4: WINDOW VIOLATION detection 192.168.2.1 15:39 07-23 00:12 07-24

Thanks
Tony

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list

--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org


