Snort mailing list archives

Re: Disabling TCP Timestamp is outside of PAWS window?

From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 23 Jul 2010 14:35:05 -0400

On 7/23/2010 12:23, Matt Watchinski wrote:

If you compiled with

--enable-decoder-preprocessor-rules

and have the preprocessor.rules in your snort.conf, just comment out
gid:129 sid:4

if you didn't compile with --enable-decoder-preprocessor-rules, then
remove "detect_anomalies" from your stream5_tcp config.


what other anomaly detections would be lost by commenting out "detect_anomalies"?

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Disabling TCP Timestamp is outside of PAWS window? Jimmy Crackcorn (Jul 23)
- Re: Disabling TCP Timestamp is outside of PAWS window? Matt Watchinski (Jul 23)
  - Re: Disabling TCP Timestamp is outside of PAWS window? waldo kitty (Jul 23)
    - Re: Disabling TCP Timestamp is outside of PAWS window? Matthew Watchinski (Jul 23)
  - Re: Disabling TCP Timestamp is outside of PAWS window? Jimmy Crackcorn (Jul 23)