[Snort-users] Stream4

Matt Jonkman matt at ...4024...
Mon Jan 28 14:47:05 EST 2002


Where can I find more detailed documentation on stream4?

Specifically, I'm wondering if the detect_scans functionality replaces the
abilities of the portscan preprocessor.

We'd prefer to use the stream4 plugin as it formats database entries
correctly with source and dest IP making things much easier to research.

I can make stream4 alert on a very overt xmas scan, but nothing for a syn or
tcp scan. Are there parameters to set to make it more sensitive?

Thanks

Matt




