[Snort-users] inconsistency docu vs. snort.conf

Marcin Dulak marcin.dulak at ...11827...
Wed Jan 25 06:53:31 EST 2017


Hi,

I think there are more inconsistencies, e.g. small_segments is not 0 as
stated in https://www.snort.org/faq/readme-stream5
It has been reported at
https://www.reddit.com/r/netsecstudents/comments/5dns4l/creating_content_snort_rules/
so the inconsistency was probably already present in Snort 2.9.8.3, or
maybe even longer

Marcin

On Wed, Jan 25, 2017 at 12:18 PM, Felix Erlacher <felix.erlacher at ...17763....>
wrote:

> Hi all,
>
> I think I just found an inconsistency between the official documentation
> and the example snort.conf file.
> In the current documentation for Snort 2.9.9 (dated November 14)
> available on the snort.org webpage it says on page 46 for the
> preprocessor stream5_tcp option "require_3whs" --> "the default is set
> to off" and for the session grace period of that option "The default is
> ”0”".
> But in the sample snort.conf file in the snort 2.9.9.0 tarball as well
> as the one on the webpage (https://www.snort.org/configurations) the
> require_3whs option is enabled and the grace period set to 180 seconds.
>
> The same holds for the "detect_anomalies" option, docu says default is
> off, in example snort.conf it is turned on.
>
> greetings
>
> --
> Felix Erlacher
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170125/6c809b15/attachment.html>


More information about the Snort-users mailing list