[Snort-devel] Stateful Snort?
Denis.Ducamp at ...212...
Wed Jun 20 04:48:28 EDT 2001
On Wed, Jun 20, 2001 at 12:41:09AM -0700, Erek Adams wrote:
> Pardon me for being clueless, but its been a _long_ day...
It doesn't except with the tcp_stream options.
> Does snort keep state? If I read the code correctly, it doesn't. But, it's
> late and my brain is coffeless.
Well, more precisely it reassemble TCP sessions so the client may send its
request caracter by caracter, the snort engine will receive them line by
line. You need to list the tcp ports you want to reassemble in your
Denis.Ducamp at ...212... --- Hervé Schauer Consultants --- http://www.hsc.fr/
Owl/snort/hping/dsniff en français http://www.groar.org/~ducamp/#sec-trad
Owl en français http://www.openwall.com/Owl/fr/
Du bon usage de ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html
More information about the Snort-devel