-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Santi,
Perhaps I don't understand whats going on. Your number of alerts
increases when speed increases?
Joel
Santi Benito wrote:
Hello Joel, I could not respond you before because I have not been at
home these days.
My problem was that when my replaying rate from one computer to
another grows the number of alerts pass from 740 at 20Mb/s to 745 at
30Mb/s.
I am only using p2p.rules and bleeding's p2p rules also .
I dont understand this issue.
Another thing is, if it is normal that ethereal catches more p2p
packets from one pcap file than snort.
Thanks a lot.
I think that you have the main configuration of my snort.conf file,no?
I will be very pleased if you could help me.
Santi
On 5/20/06, Joel Esler <joel.esler@sourcefire.com> wrote:
Maybe I lost the first email, so I can't find the problem, but what is
the problem you are having?
Joel
Santi Benito wrote:
Thanks a lot Martin,but I think that I have the portscan preprocessor
disabled from the beginning. I do the probes with this preprocessor
configuration in snort.conf:
preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: disable_evasion_alerts detect_scans
preprocessor stream4_reassemble
preprocessor rpc_decode: 111 32771
preprocessor bo
preprocessor telnet_decode
I think that for my purpose, see how many alerts of only p2p traffic it
detects, I also could disable all the preprocessors, I also saw one
time that preprocessor http_inspect generated me a lot of alerts and I
disabled it.
So if have that configuration, and the problems continues existing,
what could be the cause?
My professor has told me to use tethereal,and it catches muck more
packets than snort, but at 50Mb/s begins dropping packets....so I
would like to solve the problem of snort, but I don`t know how.
Thanks a lot, I expect no to have bored you.
Santi
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services,
security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
http://sel.as-us.falkag.net/sel?cmd=k&kid�0709&bid&3057&dat�1642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEdINkKbCSyXHckt4RAkVyAKCf02qqMDSwUXf2dXyTUFAFLgRbgQCeI/ay
XH8K58AdcJvzCTAjTmGD92k=
=zIZO
-----END PGP SIGNATURE-----
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
