[Snort-users] stream4 preprocessor question

Miller, Eoin Miller at ...6968...
Mon Sep 23 12:55:02 EDT 2002


ive been reading through the past posts and ive seen how to turn off the stream4 preprocessor, however i want to have it on to detect portscans, but i want to turn off the EVASIVE RST alerts that are being generated.

--begin snip snort.conf---

preprocessor stream4: detect_scans

---end snip snort.conf---


if i was to change the above current entry to this:

preprocessor stream4: detect_scans,noalerts

would that still log the portscans and nothing else or no? i am using snort version 1.8.7-db (Build 128)




More information about the Snort-users mailing list