[Snort-users] stream5 tcp session without 3-way handshake overload
robm at ...16885...
Tue Aug 12 16:08:19 EDT 2014
I am getting so many alerts in my logs it fills up /var/log/message and
shuts down snort. The alert I see most is
stream5: TCP session without 3-way handshake.
I googled it, and everything I find on the "Check_session_hijacking" says
"The default is set to off". I am not sure why I am getting all these
alerts if the default is off, but more importantly, how do I actually
I am fairly sure I know why I am getting them, and that will take a
longer time to fix, so I just need to disable this alert. My snort.conf
does not have anything about session_hijacking in it, so I'm not sure if I
just need to add a line to disable it or what.
Snort 18.104.22.168 GRE (build 47)
Barnyard: 2.1.13 (build 327)
Snort is outputting to /var/log/snort.u2, which barnyard is reading and
writing to /var/log/messages.
snort.conf: output unified2: filename snort1.u2, limit 128
barnyard.conf : output log_syslog_full: sensor_name xxxxxxx, local,
log_priority log_alert, operation_mode default
Any help would be greatly appreciated.
President, Millott and Associates