Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Disabling TCP Timestamp is outside of PAWS window?

From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Fri, 23 Jul 2010 12:23:31 -0400
If you compiled with

--enable-decoder-preprocessor-rules

and have the preprocessor.rules in your snort.conf, just comment out
gid:129 sid:4

if you didn't compile with --enable-decoder-preprocessor-rules, then
remove "detect_anomalies" from your stream5_tcp config.

Cheers,
-matt

On Fri, Jul 23, 2010 at 11:32 AM, Jimmy Crackcorn
<jimmy.cr4ckc0rn () gmail com> wrote:

It looks like it's part of stream5, but is there a way to disable this alert?

Cheers

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: