[Snort-sigs] Snort 2.8.6 and gzip decoding functionality not working for me

Nerijus Krukauskas nkrukauskas at ...2420...
Fri May 14 06:52:08 EDT 2010


On 2010-05-06, Matt Olney <molney at ...435...> wrote:
> Guys,
>
> In the latest subscriber rulepack, we have a new recommended
> configuration.  I'm going to go ahead and attach it here, as the
> intent isn't to restrict access to it, it's just a by-product of our
> rules publishing process.  But as part of that new conf is this
> stream5 block:
>
> # Target-Based stateful inspection/stream reassembly.  For more information, see README.stream5
> preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp yes, track_icmp no
> preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
>    overlap_limit 10, small_segments 3 bytes 150, timeout 180, \

<skip_the_rest>

I see there's an option: small_segments 3 bytes 150. Yet,
README.stream5 (from snort-2.6.8.tar.gz) has no word on it. Where can
I read what it's about?

-- 
http://nk99.org/



