[Snort-users] Stream5 reassembly

Parag Pote pipsparag at ...131...
Mon May 31 08:04:23 EDT 2010


Thanks Joel.

But I guess since it is configured only for some specific ports it is not mandatory, right?

Rgds,
Parag


--- On Mon, 5/31/10, Joel Esler <jesler at ...1935...> wrote:

> From: Joel Esler <jesler at ...1935...>
> Subject: Re: [Snort-users] Stream5 reassembly
> To: "Parag Pote" <pipsparag at ...131...>
> Cc: "Patrick Billings" <pbillings at ...1935...>, "snort-users at ...4137...orge.net" <snort-users at lists.sourceforge.net>
> Date: Monday, May 31, 2010, 7:31 AM
> This is something that is necessary for the proper intended operation of Snort, yes.
> 
> --
> Sent from my iPad
> Joel Esler
> 302-223-5974
> Jabber:jesler at ...1935...
> 
> On May 31, 2010, at 7:09 AM, Parag Pote <pipsparag at ...131...> wrote:
> 
> > Thanks Patrick.
> > 
> > But I didn't hear you saying if it is mandatory or can we ignore it?
> > Is it just an added feature?
> > 
> > Parag
> > 
> > --- On Mon, 5/31/10, Patrick Billings <pbillings at ...1935...> wrote:
> > 
> >> From: Patrick Billings <pbillings at ...1935...>
> >> Subject: Re: [Snort-users] Stream5 reassembly
> >> To: "Parag Pote" <pipsparag at ...131...>
> >> Cc: snort-users at lists.sourceforge.net
> >> Date: Monday, May 31, 2010, 3:34 AM
> >> Hi-
> >> 
> >> The ports option, which can be configured as ports client | server | both,
> >> is needed to set which ports the preprocessor will perform stream
> >> re-assembly on.
> >> 
> >> For example, if you are wanting to re-assemble the traffic to your
> >> webserver, then you would want to check for port 80 for http(tcp)
> >> traffic but you may not care or be concerned about the port the
> >> browser is using, as it will be a random port.
> >> 
> >> The default setting is: ports client 21 23 25 42 53 80 110 111 135
> >> 136 137 139 143 445 513 514 1433 1521 2401 3306
> >> 
> >> HTH,
> >> 
> >> Patrick
> >> 
> >> On Mon, May 31, 2010 at 1:31 PM, Parag Pote <pipsparag at ...131...> wrote:
> >>> Hi,
> >>> 
> >>> What does ports (ports client and ports both) mean in the stream5
> >>> preprocessor? Just had a glance at the code and it says it does
> >>> reassembly when we configure this option. Just wanted to know, is it
> >>> mandatory to configure it or an optional one? If we do not configure
> >>> it, do we miss any functionality?
> >>> 
> >>> Rgds,
> >>> Parag
> >>> 
> >>> ------------------------------------------------------------------------------
> >>> _______________________________________________
> >>> Snort-users mailing list
> >>> Snort-users at lists.sourceforge.net
> >>> Go to this URL to change user options or unsubscribe:
> >>> https://lists.sourceforge.net/lists/listinfo/snort-users
> >>> Snort-users list archive:
> >>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
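
An added example, not part of the original thread and not Snort's own code: a small Python check that reads `preprocessor stream5_tcp` lines and reports on which ports client-side and server-side reassembly is configured, using the default list quoted above. The sample configuration is constructed, and the script assumes the default list applies only when a line carries no `ports` option.

```python
import re

# Default quoted in the thread: client-side reassembly on these ports.
DEFAULT_CLIENT = {21, 23, 25, 42, 53, 80, 110, 111, 135, 136, 137, 139,
                  143, 445, 513, 514, 1433, 1521, 2401, 3306}
ALL_PORTS = set(range(1, 65536))

def reassembly_ports(conf_text):
    """Return one {'client': set, 'server': set} per stream5_tcp line."""
    joined = re.sub(r"\\\s*\n", " ", conf_text)  # join backslash continuations
    policies = []
    for line in joined.splitlines():
        m = re.match(r"\s*preprocessor\s+stream5_tcp\s*:?(.*)", line)
        if not m:
            continue
        ports, seen = {"client": set(), "server": set()}, False
        for opt in m.group(1).split(","):
            words = opt.split()
            if len(words) < 3 or words[0] != "ports":
                continue
            if words[1] not in ("client", "server", "both"):
                raise ValueError(f"bad ports direction: {words[1]!r}")
            seen = True
            sides = ("client", "server") if words[1] == "both" else (words[1],)
            chosen = ALL_PORTS if words[2] == "all" else {int(w) for w in words[2:]}
            for side in sides:
                ports[side] |= chosen
        if not seen:
            # Assumption: the default list applies only when no ports option is given.
            ports["client"] = set(DEFAULT_CLIENT)
        policies.append(ports)
    return policies

def coverage(policy, port):
    """Sides reassembled for a port: 'both', 'client', 'server' or 'none'."""
    c, s = port in policy["client"], port in policy["server"]
    return "both" if c and s else "client" if c else "server" if s else "none"

# Constructed sample configuration (not from the thread).
SAMPLE_CONF = """\
preprocessor stream5_global: track_tcp yes
preprocessor stream5_tcp: policy first
preprocessor stream5_tcp: policy linux, bind_to 192.0.2.10, \\
    ports both 80 8080, ports client 25
"""

if __name__ == "__main__":
    for i, pol in enumerate(reassembly_ports(SAMPLE_CONF)):
        print(i, {p: coverage(pol, p) for p in (80, 8080, 25, 443)})
```

Running it against a real snort.conf shows at a glance which service ports rules relying on reassembled streams will not see.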







