[Snort-users] stream5 issues

This is a discussion on [Snort-users] stream5 issues within the Snort forums, part of the System Security and Security Related category; This is a multi-part message in MIME format. --===============0679823111== Content-class: urn:content-classes:message Content-Type: multipart/alternative; ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page [Snort-users] stream5 issues

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 04-07-2008
John Hally
 
Posts: n/a
Default [Snort-users] stream5 issues
This is a multi-part message in MIME format.

--===============0679823111==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C898C6.40D897CA"

This is a multi-part message in MIME format.

------_=_NextPart_001_01C898C6.40D897CA
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello all,

running into an issue that I'm stumped on. when setting up stream5 I'm
getting the following:

snort[15925]: WARNING: Stream5 TCP default policy not specified in
configuration=20
snort[15925]: WARNING: Stream5 TCP misconfigured=20
snort[15925]: FATAL ERROR: Stream5 not properly configured... exiting

the problem is the stream5 setup is minimal:

preprocessor stream5_global: track_tcp yes, track_udp yes, track_icmp no
preprocessor stream5_udp: ignore_any_rules
preprocessor stream5_tcp: bind_to any, policy windows, detect_anomalies


does anyone see anything wrong? =20

thanks!

John.




------_=_NextPart_001_01C898C6.40D897CA
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7652.24">
<TITLE>stream5 issues</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">Hello =
all,</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">running into an =
issue that I'm stumped on.&nbsp; when setting up stream5 I'm getting the =
following:</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">snort[15925]: =
WARNING: Stream5 TCP default policy not specified in configuration =
</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">sn</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">ort[15925]: WARNING: Stream5 TCP misconfigured =
</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">snort[15925]: =
FATAL ERROR: Stream5 not properly configured... =
exiting</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">the problem is =
the stream5 setup is minimal:</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">preprocessor =
stream5_global: track_tcp yes, track_udp yes, track_icmp =
no</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">preprocessor =
stream5_udp: ignore_any_rules</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">preprocessor =
stream5_tcp: bind_to any, policy windows, =
detect_anomalies</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>
<BR>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT FACE=3D"Calibri">does anyone see =
anything wrong?</FONT></SPAN><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">&nbsp; </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">thanks!</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT =
FACE=3D"Calibri">John.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>
<BR>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

</BODY>
</HTML>
------_=_NextPart_001_01C898C6.40D897CA--


--===============0679823111==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Register now and save $200. Hurry, offer ends at 11:59 p.m.,
Monday, April 7! Use priority code J8TLD2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
--===============0679823111==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
--===============0679823111==--

Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 09:37 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0