[Snort-devel] stream4 in snort2

Kreimendahl, Chad J Chad.Kreimendahl at ...1167...
Mon Nov 25 13:29:47 EST 2002


(spp_stream4) NMAP FINGERPRINT (stateful) detection 

with the following config in dev:
preprocessor stream4: disable_evasion_alerts, memcap <some large
number>, timeout <seconds>
preprocessor stream4_reassemble: both, ports all

-----Original Message-----
From: Chris Green [mailto:cmg at ...835...] 
Sent: Monday, November 25, 2002 3:08 PM
To: Kreimendahl, Chad J
Cc: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] stream4 in snort2


"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:

> Have there been any new options added to stream4 since snort 1.8?
Have
> been reading docs to figure out why we're still getting some NMAP
> stream4 stuff when we turn off detect_scans.
>
>
Can you give an example?
-- 
Chris Green <cmg at ...402...>
Warning: time of day goes back, taking countermeasures.





More information about the Snort-devel mailing list