[Snort-users] FATAL ERROR: Cannot check flow connection for non-TCP traffic

Nathaniel Richmond nate+snort at ...14258...
Mon Jan 28 13:14:43 EST 2008


If you're using stream4, either switch to stream5 or use
"--enable-stream4udp" among your other options when configuring. I'm
guessing the consensus would be to use stream5.

Nate

Security Admin (NetSec) wrote:
> I have googled for this error for a few months now (running latest
> 2.8.0.1) for a few weeks now, and have not found a reasonable
> solution to this problem.  The cause appears to be in the udp rule
> set for just about every single udp rule across multiple rules sets.
>  The solutions I have found thus far have been to either modify the
> specific rule (which could take forever depending on the # of udp
> rules I have to modify), disabling the udp rule (again
> time-consuming) or disabling the rule set entirely.  I tried the
> third method, but with the amount of rulesets removed it left me
> with little to analyze.
>
> I suspect a better solution is around, so if anyone knows and can
> respond, much appreciated.
>
> FYI I am not running IpCop
>
> Best Regards,
>
> Edward Ray
>
> --
> This mail was scanned by BitDefender
> For more informations please visit http://www.bitdefender.co
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>





More information about the Snort-users mailing list