[Snort-devel] Stateful Snort?

Denis Ducamp Denis.Ducamp at ...212...
Wed Jun 20 04:48:28 EDT 2001


On Wed, Jun 20, 2001 at 12:41:09AM -0700, Erek Adams wrote:
> 
> Pardon me for being clueless, but its been a _long_ day...

It doesn't except with the tcp_stream options.


> Does snort keep state?  If I read the code correctly, it doesn't.  But, it's
> late and my brain is coffeless.

Well, more precisely it reassemble TCP sessions so the client may send its
request caracter by caracter, the snort engine will receive them line by
line. You need to list the tcp ports you want to reassemble in your
configuration file.

Denis Ducamp.

-- 
 Denis.Ducamp at ...212... --- Hervé Schauer Consultants --- http://www.hsc.fr/
Owl/snort/hping/dsniff en français  http://www.groar.org/~ducamp/#sec-trad
            Owl en français    http://www.openwall.com/Owl/fr/
 Du bon usage de ... http://usenet-fr.news.eu.org/fr-chartes/rfc1855.html




More information about the Snort-devel mailing list