[Snort-users] preproccesor stream
lance at ...185...
Thu Jan 18 21:55:52 EST 2001
apologies if this has already been discussed.
What does 'preprocessor stream' give me? If I
add the following to snort.conf
preprocessor stream: timeout 5, ports 21 23 80 8080, maxbytes 16384
What value have I just gained? Does this mean it will reassemble
the TCP connection first, then apply the signature rulebase against
the assembled stream? As opposed to normal snort activity, which is
to compare individual packets against signature database?
What kind of attacks will this detect that are not normally
More information about the Snort-users