Re: [Snort-users] (no subject)

This is a discussion on Re: [Snort-users] (no subject) within the Snort forums, part of the System Security and Security Related category; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Maybe I lost the first email, so I can't find the problem, but ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page Re: [Snort-users] (no subject)

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 05-20-2006
Joel Esler
 
Posts: n/a
Default Re: [Snort-users] (no subject)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Maybe I lost the first email, so I can't find the problem, but what is
the problem you are having?

Joel

Santi Benito wrote:
> Thanks a lot Martin,but I think that I have the portscan preprocessor
> disabled from the beginning. I do the probes with this preprocessor
> configuration in snort.conf:
>
> preprocessor flow: stats_interval 0 hash 2
> preprocessor frag2
> preprocessor stream4: disable_evasion_alerts detect_scans
> preprocessor stream4_reassemble
> preprocessor rpc_decode: 111 32771
> preprocessor bo
> preprocessor telnet_decode
>
> I think that for my purpose, see how many alerts of only p2p traffic it
> detects, I also could disable all the preprocessors, I also saw one
> time that preprocessor http_inspect generated me a lot of alerts and I
> disabled it.
> So if have that configuration, and the problems continues existing,
> what could be the cause?
> My professor has told me to use tethereal,and it catches muck more
> packets than snort, but at 50Mb/s begins dropping packets....so I
> would like to solve the problem of snort, but I don`t know how.
>
> Thanks a lot, I expect no to have bored you.
>
> Santi
>
>
> -------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=...&3057&dat1642
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEb3zkKbCSyXHckt4RAk+fAJ9eboitO3CN1JgrN3k3je fMxm6ABwCgl4TQ
ol0YLxB6b9zR6OQx6EfRp8Q=
=e6HT
-----END PGP SIGNATURE-----


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=...057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 09:43 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0