[Snort-devel] Removal of flags A+ in favor of established

Chris Green cmg at ...402...
Tue May 21 07:54:03 EDT 2002


"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:

> I compiled in the changes that you made to http_decode and tested
> disable_evasion_alerts on this newest build (147).  This build is far less
> noisy than the previous we attempted (139).  I think there's only one thing
> left.  
>
> I get:
> (spp_stream4) TCP TOO FAST RETRANSMISSION WITH DIFFERENT DATA SIZE (possible
> fragroute) detection
> ..about 10 times a minute (per sensor) even with disable_evasion_alerts
> flag.

Changed. Disable evasion alerts should do the right thing for you now
-- 
Chris Green <cmg at ...402...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod




More information about the Snort-devel mailing list