Re: Disabling TCP Timestamp is outside of PAWS window using pulledpork?

[Jimmy Crackcorn <jimmy.cr4ckc0rn () gmail com>]

On Fri, Jul 23, 2010 at 14:52, Jimmy Crackcorn
<jimmy.cr4ckc0rn () gmail com> wrote:
> On Fri, Jul 23, 2010 at 10:23, Matt Watchinski
> <mwatchinski () sourcefire com> wrote:
> > If you compiled with
> >
> > --enable-decoder-preprocessor-rules
> >
> > and have the preprocessor.rules in your snort.conf, just comment out
> > gid:129 sid:4
> >
> > if you didn't compile with --enable-decoder-preprocessor-rules, then
> > remove "detect_anomalies" from your stream5_tcp config.
>
> Perfect!  Thanks, Matt!

Actually, how would one disable STREAM5_BAD_TIMESTAMP using
pulledpork's disablesid.conf since it shares the same sid (although
diff gids) with other rules?

Cheers!

------------------------------------------------------------------------------
The Palm PDK Hot Apps Program offers developers who use the
Plug-In Development Kit to bring their C/C++ apps to Palm for a share 
of $1 Million in cash or HP Products. Visit us here for more details:
http://ad.doubleclick.net/clk;226879339;13503038;l?
http://clk.atdmt.com/CRS/go/247765532/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users