[Snort-users] (no subject)
joel.esler at ...1935...
Sat May 20 13:33:15 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Maybe I lost the first email, so I can't find the problem, but what is
the problem you are having?
Santi Benito wrote:
> Thanks a lot Martin,but I think that I have the portscan preprocessor
> disabled from the beginning. I do the probes with this preprocessor
> configuration in snort.conf:
> preprocessor flow: stats_interval 0 hash 2
> preprocessor frag2
> preprocessor stream4: disable_evasion_alerts detect_scans
> preprocessor stream4_reassemble
> preprocessor rpc_decode: 111 32771
> preprocessor bo
> preprocessor telnet_decode
> I think that for my purpose, see how many alerts of only p2p traffic it
> detects, I also could disable all the preprocessors, I also saw one
> time that preprocessor http_inspect generated me a lot of alerts and I
> disabled it.
> So if have that configuration, and the problems continues existing,
> what could be the cause?
> My professor has told me to use tethereal,and it catches muck more
> packets than snort, but at 50Mb/s begins dropping packets....so I
> would like to solve the problem of snort, but I don`t know how.
> Thanks a lot, I expect no to have bored you.
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Snort-users