[Snort-sigs] revised edonkey sigs using flowbits

Nigel Houghton nigel at ...435...
Mon Mar 5 19:01:21 EST 2007

On  0, Russell Fulton <r.fulton at ...575...> wrote:
> The rules need their sids unmangled and revs changed if they are to be
> added to the distribution.  Flowbits works fine with udp flows :)

This functionality is not enabled in the default snort.conf for 2.6.
Other changes are required.

If you are using stream4, the udp tracking functionality needs to be
compiled into snort, see ./configure --help for details. Also, stream5
is experimental at the moment just so you know.

Nigel Houghton
Office Linebacker

"Those who say it can't be done, should get out of the way of those doing it"

More information about the Snort-sigs mailing list