Snort mailing list archives
Re: Disabling TCP Timestamp is outside of PAWS window?
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 23 Jul 2010 14:35:05 -0400
On 7/23/2010 12:23, Matt Watchinski wrote:
If you compiled with --enable-decoder-preprocessor-rules and have the preprocessor.rules in your snort.conf, just comment out gid:129 sid:4 if you didn't compile with --enable-decoder-preprocessor-rules, then remove "detect_anomalies" from your stream5_tcp config.
what other anomaly detections would be lost by commenting out "detect_anomalies"? ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Disabling TCP Timestamp is outside of PAWS window? Jimmy Crackcorn (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? Matt Watchinski (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? waldo kitty (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? Matthew Watchinski (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? Jimmy Crackcorn (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? waldo kitty (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? Matt Watchinski (Jul 23)