Preprocessors
137
memcap
Maximum amount of memory used by the module
(default: 8 MB)
detect_scan
Detects port scan activity (default: INACTIVE)
detect_state_problems
Detects miscellaneous problems related to TCP streams
(default: INACTIVE)
The general format of the stream4_reassemble preprocessor is as follows:
preprocessor stream4_reassemble: [clientonly],
   [serveronly],[noalerts],[ports]
Here is a brief explanation of arguments to stream4_reassemble preprocessor:
clientonly
Reassembles client side stream data packets.
serveronly
Reassembles server side stream data packets.
noalerts
Don't alert for insertion or evasion type attacks.
ports
List of ports for which streams will be assembled. The
port numbers should be separated by a space character.
The keyword  all  will enable reassembly on port num 
bers 21 (FTP), 23 (Telnet), 25 (SMTP), 53 (DNS), 80
(HTTP), 110 (POP3), 111, 143, and 513. The port feature
is very useful if you want to enable reassembly for only a
few services. It saves CPU time.
Snort type attacks can be detected and/or ignored with this preprocessor. For more
information, see http://www.sec33.com/sniph/. 
4.1.5
The spade Module
Detailed information about Statistical Packet Anomaly Detection Engine
(SPADE) is available at http://www.silicondefense.com/software/spice/index.htm. It is
used to detect general packet anomalies in IP packets and a number of preprocessor
keywords are associated with it. They are listed in commented form in the default
snort.conf configuration file that comes with Snort distribution. SPADE keeps a
record of history data and uses threshold values to report anomalies. For a detailed dis 
cussion, please see the README and Usage links on the web site mentioned above.
You should keep in mind some efficiency and memory requirements for SPADE.
It can take a lot of memory to keep SPADE's statistical data and  significant processing
power may be required on high load networks.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved