[Snort-users] how enable icmp snort-2.9.6.1

hernani coelho.hernani at ...16858...
Mon Jun 16 16:08:59 EDT 2014


Em 16-06-2014 18:02, James Lay escreveu:
> On 2014-06-16 10:26, hernani wrote:
>> hello,
>>   i forgot error,
>>
>>   WARNING: Stream5 ICMP misconfigured (policy 0).
>>   Jun 16 17:20:04 hernani snort[23563]: ERROR: Stream5 not properly
>> configured... exiting
>>
>>   hernani
>>   thanks
>>
>> Em 16-06-2014 17:07, hernani escreveu:
>>
>>> hello,
>>>
>>> How can i enable icmp snort-2.9.6.1
>>>
>>> i change
>>> preprocessor stream5_global: track_tcp yes,
>>> track_udp yes,
>>> track_icmp no, ------> TRACK_ICMP YES, snort not start.
>>>
>>> someone can help me?
>>>
>>> thanks
>>>
>>> hernani coelho
> Per the docs:
>
> ICMP Configuration
> ------------------
> NOTE: ICMP is currently untested, in minimal code form and is NOT ready
> for use in production networks.  It is not turned on by default.
>
> Configuration for ICMP session tracking.  Since there is no target
> based
> binding, there should be only one occurrence of the ICMP configuration.
> - Preprocessor name: stream5_icmp
> - Options:
>       timeout <number (secs)> - Session timeout.  The default is "30",
> the
>                                 minimum is "1", and the maximum is
> "86400"
>                                 (approximately 1 day).
>
>
>
> Add a corresponding stream5_icmp entry and see what happens.
>
> James
>
>
>
hello,

i put preprocessor and error disappear  but snort dont detect icmp.


this is preprocessor portscan


preprocessor sfportscan: proto  { all } scan_type { all } memcap { 
10000000 } sense_level { High }



and this

preprocessor stream5_global: track_tcp yes, \
    track_udp yes, \
    track_icmp yes, \
    max_tcp 262144, \
    max_udp 131072, \
    max_active_responses 2, \
    min_response_seconds 5
Preprocessor stream5_icmp:

  thanks

hernani coelho




More information about the Snort-users mailing list