[Snort-users] stream5 and http_inspect

Joel Esler jesler at ...1935...
Wed Sep 5 09:58:52 EDT 2012


They sure do, in the preprocessors.rules (if you are using that)

Otherwise, you can suppress them.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Sep 5, 2012, at 9:49 AM, Pratik Narang <pratik.cse.bits at ...11827...> wrote:

> I am getting excessive number of stram5: TCP small segment threshold exceeded, and http_inspect: long header alerts. I do not want to disable these Preprocessors (stream5 is anyways needed for certain other preprocessors). So what should I do? I guess preprocessors dont really have a 'rule' which I can just comment so that it wont show up, right?
> 
> Thanks.
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list