From b6494fa19d1cc638a3ba3a5e7f0c00f1ced89701 Mon Sep 17 00:00:00 2001 From: robiscool Date: Fri, 18 Sep 2009 05:28:13 -0700 Subject: snort-dev, tracking of enabe disable rules after updates, add oinkmaster.pl, improve snorts performance, reduce snorts memory by 52 mb, more info in snort.xml and snort_advanced --- config/snort-dev/snort.inc | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'config/snort-dev/snort.inc') diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc index ad6eefcb..58aa3bf6 100644 --- a/config/snort-dev/snort.inc +++ b/config/snort-dev/snort.inc @@ -1119,14 +1119,17 @@ preprocessor frag3_engine: policy first preprocessor frag3_engine: policy bsd detect_anomalies preprocessor stream5_global: max_tcp 8192, track_tcp yes, \ -track_udp yes, track_icmp yes +track_udp yes +# adds 50 megs to mem +# track_icmp yes preprocessor stream5_tcp: bind_to any, policy windows preprocessor stream5_tcp: bind_to any, policy linux preprocessor stream5_tcp: bind_to any, policy vista preprocessor stream5_tcp: bind_to any, policy macos preprocessor stream5_tcp: policy BSD, ports both all, use_static_footprint_sizes preprocessor stream5_udp -preprocessor stream5_icmp +# adds 50 mgs to mem +# preprocessor stream5_icmp ########################## # @@ -1146,11 +1149,12 @@ preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000 preprocessor http_inspect: global iis_unicode_map unicode.map 1252 preprocessor http_inspect_server: server default \ - ports { 80 8080 3128 } \ + ports { 80 } \ no_alerts \ non_strict \ non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \ - flow_depth 0 \ + flow_depth 400 \ + client_flow_depth 300 \ apache_whitespace yes \ directory no \ iis_backslash no \ 
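Review bot: The two comments added in the stream5 hunk (`# adds 50 megs to mem` and `# adds 50 mgs to mem`) record the memory cost but not what is given up. With `track_icmp yes` and `preprocessor stream5_icmp` commented out, Stream5 no longer tracks ICMP sessions on any install of this package. I would use one consistent comment in both places that states the trade-off, for example `# ICMP session tracking disabled to save ~50 MB; re-enable track_icmp and stream5_icmp together if ICMP flow state is needed`. Since the subject mentions snort_advanced, it may be worth making this a setting there rather than a hard-coded default, but that file is not visible in this diff.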
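Review bot: Narrowing `ports { 80 8080 3128 }` to `ports { 80 }` in the http_inspect_server hunk removes HTTP decoding and URI normalization from 8080 and 3128. Web and proxy traffic on those ports is then no longer seen in normalized form by rules that depend on it, which is a detection gap rather than only a performance change. The same hunk moves `flow_depth` from 0 to 400, which, as I read the Snort 2.8 manual, goes from inspecting whole server responses to only the first 400 bytes. I would keep `ports { 80 8080 3128 } \` as the default, or build the list from a user setting, and add a comment above `flow_depth 400 \` stating that response content past that depth is not inspected. The http_inspect_server statement continues past the end of this hunk.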
@@ -1160,8 +1164,9 @@ preprocessor http_inspect_server: server default \ bare_byte yes \ double_decode yes \ iis_unicode yes \ - iis_delimiter yes \ - multi_slash no + iis_delimiter no \ + multi_slash no \ + oversize_dir_length 450 ################## # -- cgit v1.2.3
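Review bot: The added `oversize_dir_length 450` is probably inert, because the same http_inspect_server block still carries `no_alerts` (visible in the previous hunk). As far as I know that option suppresses every alert the preprocessor raises, and the long-directory check is only an alert. The `iis_delimiter yes` to `iis_delimiter no` change has the same problem, since the yes/no argument on these options selects alerting only, not whether normalization happens. If the long-directory check is wanted, `no_alerts \` has to be dropped from this block; otherwise a comment such as `# alerting options below are inactive while no_alerts is set` would stop the next reader assuming they are live. The statement starts outside this hunk, so this should be confirmed against the full block.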