Snort mailing list archives

Re: Snort 2.0 rc1 available


From: "Paul B. Poh" <paul () paulpoh com>
Date: Thu, 27 Mar 2003 09:14:29 -0500

Rob Hughes wrote:

Tasty... Still trying to work out what's causing "(spp_stream4) STEALTH
ACTIVITY (unknown) detection" alerts on my FreeBSD box, but looks good
so far. I'm curious though, why was the ASN.1 preprocessor removed, and
why were the SNMP options removed from the default config? Was ASN
decoding rolled up into something else?

Thanks,
Rob

Funny you mentioned that. I was just wondering myself why the asn1 preprocessor was removed. I did look around the other preprocessors and I did not see asn1 decoding anywhere.

I also noticed that the fnord preprocessor was also removed in 2.0.

Both these preprocessors have a habit of generating lots of false positives. Maybe that's why it's gone :-)

Paul.


