Snort mailing list archives
Re: Stream5
From: ARAI Shun-ichi <hermes () ceres dti ne jp>
Date: Fri, 24 Aug 2012 10:28:42 +0900 (JST)
In <7ED45A0B-7F8F-41C3-AE55-5CF703460DB7 () me com>; Nicholas Horton <fivetenets () me com> wrote as Subject "Re: [Snort-users] Stream5":
I tried removing detect_anomalies and setting the small_segments value to 0 and it still pops up repeatedly. Any more ideas why the small segment stream5 pp is getting triggered?
How is to add port number into "ports" port list? (If you gets alerts for specific port(s).) Or if you are assured that the alerts means no security risk, you can suppress alert message. For example, write local rules like: suppress gen_id 129, sig_id 12, track by_dst, ip XX.XX.XX.XX suppress gen_id 129, sig_id 12, track by_src, ip XX.XX.XX.XX BTW, I am using Snort for Linux and Widows PC (XP SP3). On Win XP (with wireless network), device sometimes hangs up after small segment alert. I am not sure that small segments causes it or not. Device revives after reconnecting to access point. Is there any solution? (Snort: 2.9.3, WinPcap: 4.1.2) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Stream5 Nicholas Horton (Aug 22)
- Re: Stream5 Edward Fjellskål (Aug 22)
- Re: Stream5 Nicholas Horton (Aug 22)
- Re: Stream5 Nicholas Horton (Aug 23)
- Re: Stream5 ARAI Shun-ichi (Aug 23)
- Re: Stream5 Nicholas Horton (Aug 25)
- Re: Stream5 Nicholas Horton (Aug 22)
- Re: Stream5 Edward Fjellskål (Aug 22)
- <Possible follow-ups>
- Stream5 Nicholas Horton (Aug 24)