Snort mailing list archives
Re: [Snort-Users] Re: Some questions about strem5 preprocessor
From: carlopmart <carlopmart () gmail com>
Date: Mon, 03 Oct 2011 10:07:34 +0200
On 10/03/2011 06:17 AM, Matt Watchinski wrote:
Ports listed in client tell stream5 to do stream reassembly for traffic going from the client to the server. Both means do it in either direction. In the example below, most attacks for ssh are against servers, so inspecting the traffic from clients to servers and doing reassembly is desired. For http attacks they can go either direction.
Many thanks Matt. Now it has become clear to me. -- CL Martinez carlopmart {at} gmail {d0t} com ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: [Snort-Users] Re: Some questions about strem5 preprocessor Matt Watchinski (Oct 02)
- Re: [Snort-Users] Re: Some questions about strem5 preprocessor carlopmart (Oct 03)