Snort - the de facto standard for intrusion detection/prevention
the de facto standard in IPS  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Snort Downloads Snort Rules Snort Docs Snort Training Snort Forums Snort Community Snort Store
Search Site
Search Rules
Account
email
password
not registered?
can't login?
user preferences
next up previous contents
Next: Alerts Up: DCE/RPC Previous: DCE/RPC   Contents

Configuration

The proprocessor has several configuration options. They are described below:

The configuration options are described below:

73.
autodetect Ignore configured ports - examine all packets in attempt to determine SMB or DCE/RPC traffic. Default is on

74.
ports smb { $<$port$>$ [<$port$> <...>] } dcerpc { $<$port$>$ [<$port$> <...>] } Ports that the preprocessor monitors for SMB and DCE/RPC traffic. Default is not configured (although default values would be 139 and 445 for SMB and 35 for DCE/RPC).

75.
disable_smb_frag Do not attempt to reassemble SMB fragmentation. Default is off (not configured).

76.
disable_dcerpc_frag Do not attempt to reassemble DCE/RPC fragmentation. Default is off (not configured).

77.
max_frag_size $<$number$>$ Maximum reassembled fragment size, in bytes. Default 3000 bytes.

78.
memcap $<$number$>$ Maximum amount of memory available to the DCE/RPC preprocessor, in kilobytes. Default 100000.


Steven Sturges 2008-04-01
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.