[Snort-users] snort-18.104.22.168 and udp alerts
linux at ...14373...
Thu Jun 26 04:33:31 EDT 2008
> No Stream5 does not override non flow rules, it just enables another set
> of "targeted rules". So without track_udp yes, Snort would only alert on
> rules that target udp without "flow: established" in the rule. With it
> Snort would alert on the regular rules that target udp, as well as ones
> that had "flow: established" and targeted udp.
Thanks for clarification. Now is clear the role of stream5 processor, but the
main question, still remain unanswered. With default config, does snort
detect/alert events like broadcast storms or it require aditional setup?
More information about the Snort-users