[Snort-users] Stream5

Nicholas Horton fivetenets at ...14399...
Wed Aug 22 23:06:04 EDT 2012


Thanks E. I love the link :). Cracks me up.

I'll take a look. I saw some of the googles got rid of the messages by tweaking some of the options but I was trying to understand more if I should up the max values for example or if there is an issue with the machine that keeps triggering this alert.

I'll try to read up more on the tcp small segment option more to understand what its looking for.

Thanks again,
Nick

On Aug 22, 2012, at 3:40 PM, Edward Fjellskål <edwardfjellskaal at ...14540...27...> wrote:

> On 08/22/2012 08:58 PM, Nicholas Horton wrote:
>> I am getting a large amount of "stream5: TCP Small Segment Threshold Exceeded" alerts. 
>> 
>> Where should I start investigating this preprocessor message and how to correct the issue or alert?
> 
> Have you tried google ?
> 
> http://bit.ly/Nhhoxi
> 
> The first hit there brings you to a thread on this issue :)
> 
> E
> 
>> 
>> Thanks,
>> Nick
>> 
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and 
>> threat landscape has changed and how IT managers can respond. Discussions 
>> will include endpoint security, mobile security and the latest in malware 
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> 
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list