Re: [Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs
This is a discussion on Re: [Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs within the Snort forums, part of the System Security and Security Related category; No. I tried it originally and snort failed with: FATAL ERROR: Stream5 and flow cannot be used at the same ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-24-2008
|
|||
|
|||
Re: [Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs
No. I tried it originally and snort failed with:
FATAL ERROR: Stream5 and flow cannot be used at the same time, as Stream5 provides the same functionality as flow. Thanks! Fritz rmkml wrote: > Hi Frederick, > do you have enabled preprocessor flow on snort.conf ? > Regards > Rmkml > > > On Mon, 24 Mar 2008, frederick sonnichsen wrote: > >> Date: Mon, 24 Mar 2008 15:22:17 -0400 >> From: frederick sonnichsen <fsonnichsen@whoi.edu> >> To: snort-users@lists.sourceforge.net >> Subject: [Snort-users] Missing Portscanners in 2.8 - Flow-Portscan vs >> stream5 >> >> I have converted from 2.3.3 to 2.8.0.2. >> Running both versions now, the newer version detects fewer portscans and >> sweeps. I stated looking into the preprocessors: >> >> Per the doc, stream5 replaces stream4, and also the flow preprocessors. >> However, due to the missing detection I decided to add back the >> Flow-Portscan. When I do this I get the following message at snort >> startup: >> FATAL ERROR: /etc/snort/snort.conf(806) flow-portscan requires >> spp_flow to be enabled! >> >> I cannnot find anything about the option spp_flow or how to turn it on. >> Any ideas? >> Thanks >> Fritz >> >> >> ------------------------------------------------------------------------- >> >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2008. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> Snort-users mailing list >> Snort-users@lists.sourceforge.net >> Go to this URL to change user options or unsubscribe: >> https://lists.sourceforge.net/lists/...fo/snort-users >> Snort-users list archive: >> http://www.geocrawler.com/redir-sf.p...st=snort-users >> > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 01:20 PM.
