[Snort-users] Disabling TCP Timestamp is outside of PAWS window using pulledpork?
jimmy.cr4ckc0rn at ...11827...
Mon Jul 26 16:16:01 EDT 2010
On Fri, Jul 23, 2010 at 14:52, Jimmy Crackcorn
<jimmy.cr4ckc0rn at ...11827...> wrote:
> On Fri, Jul 23, 2010 at 10:23, Matt Watchinski
> <mwatchinski at ...1935...> wrote:
>> If you compiled with
>> and have the preprocessor.rules in your snort.conf, just comment out
>> gid:129 sid:4
>> if you didn't compile with --enable-decoder-preprocessor-rules, then
>> remove "detect_anomalies" from your stream5_tcp config.
> Perfect! Thanks, Matt!
Actually, how would one disable STREAM5_BAD_TIMESTAMP using
pulledpork's disablesid.conf since it shares the same sid (although
diff gids) with other rules?
More information about the Snort-users