Snort mailing list archives

RE: Snort Alert Help for Rule : SID=2


From: "Naman Latif" <naman.latif () inamed com>
Date: Thu, 4 Dec 2003 09:25:09 -0800

Thanks.
My config file is

+++++++++
preprocessor stream4: detect_scans, ttl_limit [10], memcap [16777216]
+++++++++

I thought the default settings are

detect_state_problems  is OFF
disable_evasion_alerts is OFF

So I don't have "detect_state_problems" activated. Maybe it's the
"evasion_alerts" plugin causing these alerts? I will try disabling
that.

Regards,
Naman


-----Original Message-----
From: Jeff Dell [mailto:jdell () activeworx com] 
 
That would be the Stream 4 Preprocessor that is creating the alert.
Check out:

http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.4.5

The option "detect_state_problems" is what is triggering this event.

Jeff



