[Snort-users] Snort Alert Help for Rule : SID=2

Naman Latif naman.latif at ...10264...
Thu Dec 4 09:26:06 EST 2003


Thanks.
My config file is

+++++++++
preprocessor stream4: detect_scans, ttl_limit [10], memcap [16777216]
+++++++++

I thought the default settings are

detect_state_problems  is OFF
disable_evasion_alerts is OFF

So I don't have "detect_state_problems" activated. Maybe it's the
"evasion_alerts" plugin causing these alerts? I will try disabling
that.

Regards,
Naman


-----Original Message-----
From: Jeff Dell [mailto:jdell at ...1095...] 
 
That would be the Stream 4 Preprocessor that is creating the alert.
Check out:

http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.4.5

The option "detect_state_problems" is what is triggering this event.

Jeff