Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 2.8.6 and gzip decoding functionality not working for me

From: Nerijus Krukauskas <nkrukauskas () gmail com>
Date: Fri, 14 May 2010 13:52:08 +0300
On 2010-05-06, Matt Olney <molney () sourcefire com> wrote:

Guys,

In the latest subscriber rulepack, we have a new recommended
configuration.  I'm going to go ahead and attach it here, as the
intent isn't to restrict access to it, its just a by-product of our
rules publishing process.  But as part of that new conf is this
stream5 block:

# Target-Based stateful inspection/stream reassembly.  For more
inforation, see README.stream5
preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp
yes, track_icmp no
preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs
180, \
   overlap_limit 10, small_segments 3 bytes 150, timeout 180, \


<skip_the_rest>

I see there's an option: small_segments 3 bytes 150. Yet,
README.stream5 (from snort-2.6.8.tar.gz) has no word on it. Where can
I read what's it about?

-- 
http://nk99.org/

------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: