Snort mailing list archives
RE: spp_stream4 false positives..
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Mon, 12 Aug 2002 14:44:20 -0400
Un-comment disable_evasion_alerts in snort.conf.
-----Original Message----- From: Preston Kutzner [mailto:grdnwsl () mrichi com] Sent: Monday, August 12, 2002 2:36 PM To: snort-users () lists sourceforge net Subject: [Snort-users] spp_stream4 false positives.. This is probably a dumb question, but I'm getting a LOT of "(spp_stream4) possible EVASIVE RST detection" alerts since upgrading to 1.9.0beta2. I was just wondering if there is a way to turn this particular alert off, seeing as how it's a preprocessor, and not in the "rules" per-se. I'm still a newbie at using snort, and I was just curious on how to solve this problem, as I didn't have it with 1.8.7. Thanks in advance. -- Preston Kutzner | IT Manager Marketing Resources, Inc. _________________________________________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_stream4 false positives.. Preston Kutzner (Aug 12)
- <Possible follow-ups>
- RE: spp_stream4 false positives.. McCammon, Keith (Aug 12)
- Re[2]: spp_stream4 false positives.. Preston Kutzner (Aug 12)