Snort mailing list archives

Re: gamancio () weg com br - Bayesian Filter detected spam - RE: need help understanding the "flow:" keyword

From: Frank Knobbe <frank () knobbe us>
Date: Fri, 07 Jan 2005 14:31:41 -0600

On Wed, 2005-01-05 at 13:46 -0500, Miner, Jonathan W (CSC) (US SSA)
wrote:

I am running 2.3RC2... I upgraded to that yesterday.

It appears that none of the flow sigs fire.


Another thing to check is the stream4 and stream4_reassembly
preprocessors. Make sure they are enabled. I highly recommend to use
"ports all" on the reassembler.

My options:
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble: both, noalerts, ports all

See if that makes a difference.

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- Re: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- <Possible follow-ups>
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
  - RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
  - RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 05)
  - Re: gamancio () weg com br - Bayesian Filter detected spam - RE: need help understanding the "flow:" keyword Frank Knobbe (Jan 07)
- RE: need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 05)
- RE:need help understanding the "flow:" keyword Miner, Jonathan W (CSC) (US SSA) (Jan 11)