Snort mailing list archives
Stream4
From: "Matt Jonkman" <matt () jonkmans com>
Date: Mon, 28 Jan 2002 16:43:14 -0600
Where can I find more detailed documentation on stream4? Specifically, I'm wondering if the setect_scans functionality replaces the abilities of the portscan preprocessor. We'd prefer to use the stream4 plugin as it formats database entries correctly with source and dest IP making things much easier to research. I can make stream4 alert on a very overt xmas scan, but nothing for a syn or tcp scan. Are there parameters to set to make it more sensitive? Thanks Matt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort log question Lookman Fazal (Jan 28)
- Stream4 Matt Jonkman (Jan 28)
- Re: Stream4 Martin Roesch (Jan 28)
- Re: Stream4 Matt Jonkman (Jan 28)
- Re: Stream4 Phil Wood (Jan 28)
- Re: Stream4 Martin Roesch (Jan 28)
- Stream4 Matt Jonkman (Jan 28)
- Re: snort log question Martin Roesch (Jan 28)