Snort mailing list archives
Re: Snort Upgrade
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 8 Apr 2009 13:40:01 -0400
You'll need to add something like the following to your snort.conf for 2.8.4 and the new dcerpcv2

preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
preprocessor dcerpc2_server: default, policy WinXP, \
    detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
    autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
    smb_max_chain 3

and remove the old preprocessor dcerpc statements.

Cheers,
-matt

On Wed, Apr 8, 2009 at 1:34 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:
Hi,

I’m about to do the snort upgrade (just waiting for a clone of my machine to finish). Do we need to manually add anything to our existing snort.conf file to have the new dcerpc pre-processor work? Or anything else for that matter?

Thanks,
Shawn

------------------------------------------------------------------------------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
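Added example, not part of the original thread and not Snort or Sourcefire code: a small check that reads a snort.conf, joins the backslash-continued lines, and reports whether the change described in the reply has been made (old dcerpc statement gone, dcerpc2 and dcerpc2_server statements present). The sample file, the function names and the placeholder options on the old line are assumptions made for the illustration.

```python
import re

# Constructed sample: a snort.conf fragment partway through the upgrade. The
# dcerpc2 lines are the ones from the reply; the legacy line's options are a
# placeholder, not real option names.
SAMPLE_CONF = r"""
# old statement that the reply says to remove
preprocessor dcerpc: <old options>
preprocessor dcerpc2: memcap 102400, events [smb, co, cl]
preprocessor dcerpc2_server: default, policy WinXP, \
    detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
    autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
    smb_max_chain 3
"""

PREPROC = re.compile(r"^preprocessor\s+(\w+)\s*(?::\s*(.*))?$")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and # comments."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf += line
        if buf and not buf.startswith("#"):
            out.append(buf)
        buf = ""
    return out

def preprocessors(text):
    """Return (name, options) for every preprocessor statement, in order."""
    found = []
    for line in logical_lines(text):
        m = PREPROC.match(line)
        if m:
            found.append((m.group(1), m.group(2) or ""))
    return found

def check_dcerpc_migration(text):
    """List what still differs from the change described in the reply."""
    names = [name for name, _ in preprocessors(text)]
    findings = []
    if "dcerpc" in names:
        findings.append("old 'preprocessor dcerpc' statement still present")
    for wanted in ("dcerpc2", "dcerpc2_server"):
        if wanted not in names:
            findings.append(f"no 'preprocessor {wanted}' statement found")
    return findings

if __name__ == "__main__":
    for finding in check_dcerpc_migration(SAMPLE_CONF):
        print(finding)
```

An empty result means the file matches the change described in the reply; it does not validate the option values themselves.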
Current thread:
- Snort Upgrade Jefferson, Shawn (Apr 08)
- Re: Snort Upgrade Matt Watchinski (Apr 08)
- Re: Snort Upgrade Jefferson, Shawn (Apr 08)
- Re: Snort Upgrade Joel Esler (Apr 08)
- Re: Snort Upgrade Jefferson, Shawn (Apr 08)
- Re: Snort Upgrade Matt Watchinski (Apr 08)