[Snort-users] snort- and udp alerts

Alex linux at ...14373...
Thu Jun 26 04:33:31 EDT 2008

> No Stream5 does not override non flow rules, it just enables another set
> of "targeted rules". So without track_udp yes, Snort would only alert on
> rules that target udp without "flow: established" in the rule. With it
> Snort would alert on the regular rules that target udp, as well as ones
> that had "flow: established" and targeted udp.

Thanks for clarification. Now is clear the role of stream5 processor, but the 
main question, still remain unanswered. With default config, does snort 
detect/alert events like broadcast storms or it require aditional setup?


More information about the Snort-users mailing list