Snort mailing list archives
RE: Snort Alert Help for Rule : SID=2
From: "Naman Latif" <naman.latif () inamed com>
Date: Thu, 4 Dec 2003 09:25:09 -0800
Thanks. My config file is

+++++++++
preprocessor stream4: detect_scans, ttl_limit [10], memcap [16777216]
+++++++++

I thought the default settings are

detect_state_problems is OFF
disable_evasion_alerts is OFF

So I don't have "detect_state_problems" activated. Maybe it's the "evasion_alerts" plugin causing these alerts? I will try disabling that.

Regards,
Naman

-----Original Message-----
From: Jeff Dell [mailto:jdell () activeworx com]

That would be the Stream 4 Preprocessor that is creating the alert. Check out:
http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.4.5
The option "detect_state_problems" is what is triggering this event.

Jeff
Current thread:
- Snort Alert Help for Rule : SID=2 Naman Latif (Dec 04)
- RE: Snort Alert Help for Rule : SID=2 Jeff Dell (Dec 04)
- <Possible follow-ups>
- RE: Snort Alert Help for Rule : SID=2 Naman Latif (Dec 04)