Re: [Snort-devel] Possible bug with 2.0.2: decoder masking fragroute traffic from stream4 preprocessor
From: Martin Roesch <roesch(at)sourcefire.com>
Date: Mon Sep 29 2003 - 10:37:36 EDT

The problem with enabling evasion_alerts is that it's very noisy in a lot of environments due to the number of things that look like evasions that are standard foibles of certain IP stacks. Maybe we should reclassify it into "fragroute_attacks" and "stack_noise" or something (if we can break it out even that well).

As far as the decoders generating noise, I find that it's especially useful to turn off the decoder alerts if you don't want to know about every malformed packet that hits your network, depending on which corner of the net you live in it could be pretty noisy.

On another note, we're ramping for a beta release of our latest product this week at Sourcefire, so all of the Sourcefire-based Snort developers are very heads down right now, please give them a little breathing room for the next few days.

Thanks!

-Marty

On Sunday, September 28, 2003, at 07:51 PM, Allen Harper wrote:

> Developers, on the below email, I now see the reason there is no

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch(at)sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Mon Sep 29 10:45:16 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:09 EDT