[Snort-users] Snort.conf

setests setests setests at ...11827...
Tue Feb 23 10:21:58 EST 2016


If I am going to run snort only in IDS mode does it make sense to have this
particular preprocessor turned on with the highlighted options?  In my
opinion the highlighted options are not necessary of IDS only mode oppose
to inline mode.

# Target-Based stateful inspection/stream reassembly.  For more inforation,
see README.stream5
preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160223/9acbcfaf/attachment.html>

More information about the Snort-users mailing list