Re: 'conifg stateful' option

[waldo kitty <wkitty42 () windstream net>]

On 11/13/2013 6:17 PM, Jeremy Hoel wrote:
> We noticed that our snort boxes didn't trigger on a rule that was
> reported by an upstream provider.  Taking the pcaps and playing them
> back against a stock snort.conf shows that the rule triggers. Once of
> the differences between the configs is that ours included "config
> stateful". From most of the documentation, this is a holdover from the
> stream4 processor and we are configured to use stream5 (2.9.5.5), but
> when that statement was in the config, the udp packets wouldn't
> trigger the rule.  Comment it out and it did.

do you still have any stream4 config stuff in your configs? i've been under the 
impression that since stream5 came out, all stream4 stuff should be completely 
removed from one's config...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access
Free app hosting. Or install the open source package on any LAMP server.
Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native!
http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!