[Snort-users] stream4 preprocessor question

Miller, Eoin Miller at ...6968...
Mon Sep 23 15:14:03 EDT 2002


I attempted to use this in my snort.conf file:

preprocessor stream4: detect_scans,noalerts

But it is still logging all of those EVASIVE RST alerts and driving me nuts. I still want to use stream4 for the portscan logging; is there any way to do this?

Thanks

> -----Original Message-----
> From: Miller, Eoin 
> Sent: Monday, September 23, 2002 3:54 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] stream4 preprocessor question
> 
> 
> I've been reading through the past posts and I've seen how to 
> turn off the stream4 preprocessor; however, I want to have it 
> on to detect portscans, but I want to turn off the EVASIVE 
> RST alerts that are being generated.
> 
> --begin snip snort.conf---
> 
> preprocessor stream4: detect_scans
> 
> ---end snip snort.conf---
> 
> 
> If I was to change the above current entry to this:
> 
> preprocessor stream4: detect_scans,noalerts
> 
> would that still log the portscans and nothing else or no? I 
> am using snort version 1.8.7-db (Build 128)



