[Snort-users] (no subject)

Joel Esler joel.esler at ...1935...
Sat May 20 13:33:15 EDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Maybe I lost the first email, so I can't find the problem, but what is
the problem you are having?

Joel

Santi Benito wrote:
> Thanks a lot Martin,but I think that I have the portscan preprocessor
> disabled from the beginning. I do the probes with this preprocessor
> configuration in snort.conf:
> 
> preprocessor flow: stats_interval 0 hash 2
> preprocessor frag2
> preprocessor stream4: disable_evasion_alerts detect_scans
> preprocessor stream4_reassemble
> preprocessor rpc_decode: 111 32771
> preprocessor bo
> preprocessor telnet_decode
> 
> I think that for my purpose, see how many alerts of only p2p traffic it
> detects, I also could disable all the preprocessors, I also saw one
> time that preprocessor http_inspect generated me a lot of alerts and I
> disabled it.
> So if have that configuration, and the problems continues existing,
> what could be the cause?
> My professor has told me to use tethereal,and it catches muck more
> packets than snort, but at 50Mb/s begins dropping packets....so I
> would like to solve the problem of snort, but I don`t know how.
> 
> Thanks a lot, I expect no to have bored you.
> 
> Santi
> 
> 
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEb3zkKbCSyXHckt4RAk+fAJ9eboitO3CN1JgrN3k3jefMxm6ABwCgl4TQ
ol0YLxB6b9zR6OQx6EfRp8Q=
=e6HT
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list