Snort mailing list archives

Re: Missing Portscanners in 2.8 - Flow-Portscan vs stream5


From: frederick sonnichsen <fsonnichsen () whoi edu>
Date: Mon, 24 Mar 2008 15:42:40 -0400

No. I tried it originally and snort failed with:
FATAL ERROR: Stream5 and flow cannot be used at the same time, as 
Stream5 provides the same functionality as flow.

Thanks!
Fritz


rmkml wrote:

Hi Frederick,
Do you have preprocessor flow enabled in snort.conf?
Regards
Rmkml


On Mon, 24 Mar 2008, frederick sonnichsen wrote:

Date: Mon, 24 Mar 2008 15:22:17 -0400
From: frederick sonnichsen <fsonnichsen () whoi edu>
To: snort-users () lists sourceforge net
Subject: [Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs 
stream5

I have converted from 2.3.3 to 2.8.0.2.
Running both versions now, the newer version detects fewer portscans and
sweeps. I started looking into the preprocessors:

Per the doc, stream5 replaces stream4, and also the flow preprocessors.
However, due to the missing detection I decided to add back the
Flow-Portscan. When I do this I get the following message at snort 
startup:
     FATAL ERROR: /etc/snort/snort.conf(806) flow-portscan requires
spp_flow to be enabled!

I cannot find anything about the option spp_flow or how to turn it on.
Any ideas?
Thanks
Fritz


------------------------------------------------------------------------- 

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



