[Snort-users] Disabling TCP Timestamp is outside of PAWS window using pulledpork?

Jimmy Crackcorn jimmy.cr4ckc0rn at ...11827...
Mon Jul 26 16:16:01 EDT 2010


On Fri, Jul 23, 2010 at 14:52, Jimmy Crackcorn
<jimmy.cr4ckc0rn at ...11827...> wrote:
> On Fri, Jul 23, 2010 at 10:23, Matt Watchinski
> <mwatchinski at ...1935...> wrote:
>> If you compiled with
>>
>> --enable-decoder-preprocessor-rules
>>
>> and have the preprocessor.rules in your snort.conf, just comment out
>> gid:129 sid:4
>>
>> if you didn't compile with --enable-decoder-preprocessor-rules, then
>> remove "detect_anomalies" from your stream5_tcp config.
>
> Perfect!  Thanks, Matt!

Actually, how would one disable STREAM5_BAD_TIMESTAMP using
pulledpork's disablesid.conf since it shares the same sid (although
diff gids) with other rules?

Cheers!




More information about the Snort-users mailing list