Re: RE: RE: flow-portscan really suitable ???

[Jeremy Hewlett <jh () sourcefire com>]

On Fri, Mar 05, BIZOU wrote:
> hum.... here is my snort.conf (2.1.1). Do you see something wrong ?
...
> preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 3000
> preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 30, port_limit 40, timeout 40

Could you try the following:
preprocessor conversation: timeout 60 max_conversations 3000 allowed_ip_protocols all

I haven't had the CPU cycles to track down why it segfaults, but the
above line works around the issue for me. It appears to be the commas
causing the segfault.


In response to other emails - Portscan2 has been deprecated, and is no
longer supported as we're moving to the flow/flow-portscan model. We
are currently addressing the issues that have come up with
flow-portscan. However, we'll be happy to accept patches to portscan2,
if anyone would like to submit them.




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users