Snort mailing list archives
Re: (snort_decoder) Experimental TCP Options found
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 3 Jul 2008 10:02:08 -0400
Add 'config disable_tcpopt_alerts' to your snort.conf file.This is a feature of the decoder, not a preprocessor. In general operation it falls into the class of anomaly detection and is not particularly useful for most people. We should probably think about turning it off by default. :)
-Marty
On Jul 3, 2008, at 9:34 AM, Tommy Cansanay wrote:
A little help please. 1) How do I eliminate this from firing? 2) Anybody use this preprocessor at all? Thanks ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org
Attachment:
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (snort_decoder) Experimental TCP Options found Tommy Cansanay (Jul 03)
- Re: (snort_decoder) Experimental TCP Options found Martin Roesch (Jul 03)