[Snort-users] asynchronous_link was snort sees no fragmented attack

Chris Green cmg at ...1935...
Tue Aug 13 06:18:06 EDT 2002


Holger.Woehle at ...2701... writes:

>
> i switched to snort 1.9 beta 2 and connected the sensor to both ends of the TAP
> using device bond0.
> Now i see all alerts!
>
> But i don't want to inspect all outgoing traffic!

Well, if you really don't want to, add teh asynchronous_link option to

preprocessor stream4: <other options>, asynchronous_link

Cheers,
Chris
-- 
Chris Green <cmg at ...1935...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod




More information about the Snort-users mailing list