[Snort-users] stream5 and http_inspect

Joel Esler jesler at ...1935...
Wed Sep 5 09:58:52 EDT 2012

They sure do, in the preprocessors.rules (if you are using that)

Otherwise, you can suppress them.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

On Sep 5, 2012, at 9:49 AM, Pratik Narang <pratik.cse.bits at ...11827...> wrote:

> I am getting an excessive number of stream5: TCP small segment threshold exceeded, and http_inspect: long header alerts. I do not want to disable these preprocessors (stream5 is anyways needed for certain other preprocessors). So what should I do? I guess preprocessors don't really have a 'rule' which I can just comment out so that it won't show up, right?
> Thanks.

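The suppression route mentioned in the reply, as an added example that is not part of the original thread: a Python sketch that tallies alerts from a Snort "fast" format alert file and prints source-scoped `suppress` entries for noisy non-rule generators, so the alert stays visible for other hosts. The sample lines, IP addresses and the `min_count` threshold are constructed for illustration; the script uses whatever generator and signature IDs appear in the alert text.

```python
import re
from collections import Counter

# Constructed sample alerts in Snort's "fast" output format (not from the thread).
_FMT = "09/05-09:41:02.100000  [**] [{}] {} [**] [Priority: 3] {{TCP}} {} -> 192.0.2.10:80"
SAMPLE = "\n".join(
    [_FMT.format("129:12:1", "stream5: TCP small segment threshold exceeded", "10.0.0.5:51234")] * 3
    + [_FMT.format("119:19:1", "http_inspect: LONG HEADER", "10.0.0.7:40000")] * 4
    + [_FMT.format("129:12:1", "stream5: TCP small segment threshold exceeded", "10.0.0.9:40100")]
    + [_FMT.format("1:1000001:1", "constructed text-rule alert", "10.0.0.5:51300")] * 3
)

# Captures gen_id, sig_id and the source IP from one fast-format alert line.
ALERT = re.compile(r"\[(\d+):(\d+):\d+\].*?\{\w+\}\s+(\d+\.\d+\.\d+\.\d+)")


def tally(text):
    """Count alerts per (gen_id, sig_id, source IP)."""
    counts = Counter()
    for line in text.splitlines():
        m = ALERT.search(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)), m.group(3))] += 1
    return counts


def suppress_lines(text, min_count=3):
    """Return source-scoped suppress entries for noisy preprocessor alerts.

    gen_id 1 (text rules) and 3 (shared-object rules) are skipped: those
    alerts come from ordinary rules that can be tuned or commented out.
    """
    out = []
    for (gid, sid, src), n in sorted(tally(text).items()):
        if gid not in (1, 3) and n >= min_count:
            out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
    return out


if __name__ == "__main__":
    print("\n".join(suppress_lines(SAMPLE)))
```

The generated lines belong in snort.conf or an included threshold.conf. A `suppress` entry only stops the event from being logged; the preprocessor itself keeps running, which is what the original question needed for stream5.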