Snort mailing list archives
portscan preprocessor in 1.8p1
From: Andreas Steinmetz <ast () domdv de>
Date: Fri, 27 Jul 2001 19:22:00 +0200 (CEST)
Snort version: 1.8p1 snort.conf: preprocessor portscan-ignorehosts: a.b.c.1/32 a.b.c.11/32 portscan.log: Jul 27 00:51:38 a.b.c.11:25 -> x.y.z.132:8286 FIN *2*****F Didn't happen with 1.7, I wonder. I don't even know if I should believe these kind of log entries due to the variety of problems I'm having with 1.8p1. BTW: At least one preprocessor of 1.8p1 has a memory leak. I guess for tcp defragmentation/reassemby as the internal sensors show a very small leak rate compared to the external sensor). At least one preprocessor of 1.8p1 causes snort to crash sometimes (snort did crash about twice a day until I did set up core dumping. Since then just one more crash - Murphy). Unfortunately I don't have the resources available to run different snort versions on my sensor system (memory/cpu for 8 instead of 4 sensor processes). I'm slowly but steadily feeling inclined to revert to 1.7... Andreas Steinmetz D.O.M. Datenverarbeitung GmbH _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- portscan preprocessor in 1.8p1 Andreas Steinmetz (Jul 27)
- RE: portscan preprocessor in 1.8p1 Neal Timm (Jul 27)