Updated snort to Version 2.8.3.2

2026-04-28 11:43:25 +02:00 · 2009-04-07 12:11:15 +02:00
parent f502f0fc4c
commit 4fba936cc8
4 changed files with 97 additions and 9 deletions
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -26,20 +26,42 @@ var SHELLCODE_PORTS !80
 var ORACLE_PORTS    1521
 var AIM_SERVERS     [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
 var RULE_PATH       /etc/snort/rules
+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/

 ###################################################
 # Do NOT Edit past this line
 ###################################################
 config detection: search-method lowmem
 preprocessor flow: memcap 2097152, stats_interval 0, hash 2
-preprocessor frag2: memcap 2097152
+#preprocessor frag2: memcap 2097152
+preprocessor frag3_global: max_frags 65536
+preprocessor frag3_engine: policy first detect_anomalies
 preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
 preprocessor stream4_reassemble: noalerts
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
-preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+# preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+# preprocessor http_inspect_server: server default profile all ports { 80 8080 }
 preprocessor rpc_decode: 111 32771
 preprocessor bo
-preprocessor telnet_decode
+#preprocessor telnet_decode
+preprocessor ftp_telnet: global \
+   encrypted_traffic yes \
+   inspection_type stateful
+preprocessor ftp_telnet_protocol: telnet \
+   normalize \
+   ayt_attack_thresh 200
+preprocessor ftp_telnet_protocol: ftp server default \
+   def_max_param_len 100 \
+   alt_max_param_len 200 { CWD } \
+   cmd_validity MODE < char ASBCZ > \
+   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+   telnet_cmds yes \
+   data_chan
+preprocessor ftp_telnet_protocol: ftp client default \
+   max_resp_len 256 \
+   bounce yes \
+   telnet_cmds yes
 preprocessor flow-portscan: \
 	scoreboard-memcap-talker 1048576 \
 	scoreboard-rows-talker 10000 \