[Snort-users] Stream5 reassembly

Joel Esler jesler at ...1935...
Mon May 31 07:31:30 EDT 2010


This is something that is necessary for the proper intended operation of Snort, yes. 

--
Sent from my iPad
Joel Esler
302-223-5974
Jabber:jesler at ...1935...

On May 31, 2010, at 7:09 AM, Parag Pote <pipsparag at ...131...> wrote:

> Thanks patrick.
> 
> But I didn't hear you saying if it is mandatory or can we ignore it? Is it just an added feature?
> 
> Parag
> 
> --- On Mon, 5/31/10, Patrick Billings <pbillings at ...1935...> wrote:
> 
>> From: Patrick Billings <pbillings at ...1935...>
>> Subject: Re: [Snort-users] Stream5 reassembly
>> To: "Parag Pote" <pipsparag at ...131...>
>> Cc: snort-users at lists.sourceforge.net
>> Date: Monday, May 31, 2010, 3:34 AM
>> Hi-
>> 
>> The ports option which can be configured as ports client |
>> server |
>> both is needed to set which ports the preprocessor will
>> perform stream
>> re-assembly on.
>> 
>> For example, if you are wanting to re-assemble the traffic
>> to your
>> webserver, then you would want to check for port 80 for
>> http(tcp)
>> traffic but you may not care not be concerned about the
>> port the
>> browser is using, as it will be a random port.
>> 
>> The default setting is:  ports client 21 23 25 42 53
>> 80 110 111 135
>> 136  137 139 143 445 513 514 1433 1521 2401 3306
>> 
>> HTH,
>> 
>> Patrick
>> 
>> On Mon, May 31, 2010 at 1:31 PM, Parag Pote <pipsparag at ...131...>
>> wrote:
>>> Hi,
>>> 
>>> What does ports (ports client and ports both) means in
>> stream5 preprocessor? Just had a glance at the code and it
>> says it does reassembly when we configure this option. Just
>> wanted to know is it mandatory to configure it or optional
>> one? If we do not configure do we miss any functionality?
>>> 
>>> Rgds,
>>> Parag
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>> ------------------------------------------------------------------------------
>>> 
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list