[Snort-devel] can't disable spp_stream4 TTL EVASION alerts ?
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Wed Jun 5 08:23:02 EDT 2002
Or... I'm a jack*ss and forgot that I changed ttl_limit to 0.
From: Chris Green [mailto:cmg at ...402...]
Sent: Wednesday, June 05, 2002 10:04 AM
To: edwin at ...1392...
Cc: Snort Developers List
Subject: Re: [Snort-devel] can't disable spp_stream4 TTL EVASION alerts ?
Edwin Eefting <edwin at ...1392...> writes:
> I'm using Version 1.9-dev (Build 155) but I still am unable to disable
> this alert:
> (spp_stream4) TTL EVASION (reassemble) detection
set ttl_limit 0
> My stream4 settings:
> preprocessor stream4: memcap 64000000,
> disable_evasion_alerts,noinspect preprocessor stream4_reassemble:
> Since I've downloaded build 155 (I had build 147 before) I also
> receive some kind of new alert very often:
> (snort_decoder) Unknown Datagram decoding problem!
> How can I disable these alerts? (I believe the first one is a bug in
> spp_stream4, there seems to be a missing check in the sourcecode) I
> get flooded with these messages.
You can't right now. It will be added soon. :-)
Chris Green <cmg at ...402...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
Don't miss the 2002 Sprint PCS Application Developer's Conference August
25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
Snort-devel mailing list
Snort-devel at lists.sourceforge.net
More information about the Snort-devel