Snort mailing list archives

Re: [Snort-Users] Re: Some questions about stream5 preprocessor


From: carlopmart <carlopmart () gmail com>
Date: Mon, 03 Oct 2011 10:07:34 +0200

On 10/03/2011 06:17 AM, Matt Watchinski wrote:
> Ports listed in client tell stream5 to do stream reassembly for
> traffic going from the client to the server.  Both means do it in
> either direction.
>
> In the example below, most attacks for ssh are against servers, so
> inspecting the traffic from clients to servers and doing reassembly is
> desired.  For http attacks they can go either direction.


Many thanks Matt. Now it has become clear to me.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com
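
Added example, not part of the original thread or of Snort itself: a small Python audit helper that reads `ports client|server|both` options from a `stream5_tcp` line and reports which direction of a flow gets reassembled for each server port. The sample config line, the function names and the `to_server`/`to_client` labels are constructed for illustration; treating `server` as the mirror image of `client` and accumulating repeated `ports` options are assumptions, and Snort's built-in default port list is not modelled.

```python
import re

# Constructed sample stream5_tcp line (not taken from the thread).
SAMPLE_CONF = r"""
preprocessor stream5_tcp: policy first, \
    ports client 22 25, \
    ports both 80 8080
"""

# Which packet directions each `ports` keyword reassembles.
SIDES = {
    "client": {"to_server"},             # data sent by the client
    "server": {"to_client"},             # assumed mirror of `client`
    "both": {"to_server", "to_client"},  # either direction
}

def reassembly_map(conf):
    """Return {port: set of reassembled directions} from stream5_tcp lines."""
    conf = re.sub(r"\\\s*\n", " ", conf)  # join backslash continuations
    table = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()  # drop snort.conf comments
        m = re.match(r"preprocessor\s+stream5_tcp\s*:\s*(.*)", line)
        if not m:
            continue
        for option in m.group(1).split(","):
            words = option.split()
            if len(words) < 3 or words[0] != "ports" or words[1] not in SIDES:
                continue  # some other option, e.g. `policy first`
            if words[2] == "all":
                ports = range(1, 65536)
            else:
                ports = [int(w) for w in words[2:]]
            for port in ports:
                if not 1 <= port <= 65535:
                    raise ValueError(f"port out of range: {port}")
                table.setdefault(port, set()).update(SIDES[words[1]])
    return table

def is_reassembled(table, server_port, direction):
    """direction is 'to_server' or 'to_client'."""
    return direction in table.get(server_port, set())

if __name__ == "__main__":
    table = reassembly_map(SAMPLE_CONF)
    for port in sorted(table):
        print(port, sorted(table[port]))
```

A port that appears only under `ports client` shows up with `to_server` alone, so rules that match on server responses for that port are working on unreassembled segments.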
