Snort mailing list archives
Re: Stream5 reassembly
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 31 May 2010 07:31:30 -0400
This is something that is necessary for the proper intended operation of Snort, yes. -- Sent from my iPad Joel Esler 302-223-5974 Jabber:jesler () sourcefire com On May 31, 2010, at 7:09 AM, Parag Pote <pipsparag () yahoo com> wrote:
Thanks patrick. But I didn't hear you saying if it is mandatory or can we ignore it? Is it just an added feature? Parag --- On Mon, 5/31/10, Patrick Billings <pbillings () sourcefire com> wrote:From: Patrick Billings <pbillings () sourcefire com> Subject: Re: [Snort-users] Stream5 reassembly To: "Parag Pote" <pipsparag () yahoo com> Cc: snort-users () lists sourceforge net Date: Monday, May 31, 2010, 3:34 AM Hi- The ports option which can be configured as ports client | server | both is needed to set which ports the preprocessor will perform stream re-assembly on. For example, if you are wanting to re-assemble the traffic to your webserver, then you would want to check for port 80 for http(tcp) traffic but you may not care not be concerned about the port the browser is using, as it will be a random port. The default setting is: ports client 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 514 1433 1521 2401 3306 HTH, Patrick On Mon, May 31, 2010 at 1:31 PM, Parag Pote <pipsparag () yahoo com> wrote:Hi, What does ports (ports client and ports both) means instream5 preprocessor? Just had a glance at the code and it says it does reassembly when we configure this option. Just wanted to know is it mandatory to configure it or optional one? If we do not configure do we miss any functionality?Rgds, Parag------------------------------------------------------------------------------_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stream5 reassembly Parag Pote (May 30)
- Re: Stream5 reassembly Patrick Billings (May 31)
- Re: Stream5 reassembly Parag Pote (May 31)
- Re: Stream5 reassembly Joel Esler (May 31)
- Re: Stream5 reassembly Parag Pote (May 31)
- Re: Stream5 reassembly Joel Esler (May 31)
- Re: Stream5 reassembly Parag Pote (Jun 01)
- Re: Stream5 reassembly Patrick Billings (Jun 01)
- Re: Stream5 reassembly Joel Esler (Jun 01)
- Re: Stream5 reassembly Parag Pote (May 31)
- Re: Stream5 reassembly Patrick Billings (May 31)