--- snort.conf.orig 2006-11-13 15:07:30.000000000 -0500
+++ snort.conf 2006-11-13 15:09:51.000000000 -0500
@@ -182,7 +182,7 @@
 # Load all dynamic preprocessors from the install path
 # (same as command line option --dynamic-preprocessor-lib-dir)
 #
-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
+#dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
 #
 # Load a specific dynamic preprocessor library from the install path
 # (same as command line option --dynamic-preprocessor-lib)
@@ -192,7 +192,7 @@
 # Load a dynamic engine from the install path
 # (same as command line option --dynamic-engine-lib)
 #
-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
+#dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
 #
 # Load all dynamic rules libraries from the install path
 # (same as command line option --dynamic-detection-lib-dir)
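Review bot: Commenting out `dynamicpreprocessor directory` (and `dynamicengine` in the hunk at line 192) leaves no record of why the libraries are no longer loaded, and it forces every preprocessor that depends on a dynamic library to be switched off too, which the later hunks do. If the cause is that the libraries are installed somewhere other than `/usr/local/lib/`, which is only a guess from the hard-coded path, correcting the path would keep inspection on. If disabling is intended, a comment above each line such as `# DISABLED <date> <owner>: <reason>; ftp_telnet, smtp, dcerpc and dns preprocessors are off as a result` would tell the next operator that the sensor runs with reduced coverage. With the engine unloaded, any rules shipped as dynamic rule libraries presumably cannot run either, so that is worth stating in the same comment.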
@@ -556,32 +556,32 @@
 # or use commandline option
 # --dynamic-preprocessor-lib
-preprocessor ftp_telnet: global \
- encrypted_traffic yes \
- inspection_type stateful
-
-preprocessor ftp_telnet_protocol: telnet \
- normalize \
- ayt_attack_thresh 200
+#preprocessor ftp_telnet: global \
+# encrypted_traffic yes \
+# inspection_type stateful
+#
+#preprocessor ftp_telnet_protocol: telnet \
+# normalize \
+# ayt_attack_thresh 200
 # This is consistent with the FTP rules as of 18 Sept 2004.
 # CWD can have param length of 200
 # MODE has an additional mode of Z (compressed)
 # Check for string formats in USER & PASS commands
 # Check nDTM commands that set modification time on the file.
-preprocessor ftp_telnet_protocol: ftp server default \
- def_max_param_len 100 \
- alt_max_param_len 200 { CWD } \
- cmd_validity MODE < char ASBCZ > \
- cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
- chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
- telnet_cmds yes \
- data_chan
-
-preprocessor ftp_telnet_protocol: ftp client default \
- max_resp_len 256 \
- bounce yes \
- telnet_cmds yes
+#preprocessor ftp_telnet_protocol: ftp server default \
+# def_max_param_len 100 \
+# alt_max_param_len 200 { CWD } \
+# cmd_validity MODE < char ASBCZ > \
+# cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+# chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+# telnet_cmds yes \
+# data_chan
+#
+#preprocessor ftp_telnet_protocol: ftp client default \
+# max_resp_len 256 \
+# bounce yes \
+# telnet_cmds yes
 # smtp: SMTP normalizer, protocol enforcement and buffer overflow
 # ---------------------------------------------------------------------------
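Review bot: The ftp_telnet block is disabled wholesale, so the checks configured in it stop firing: `bounce yes`, `chk_str_fmt { USER PASS RNFR RNTO SITE MKD }`, the `def_max_param_len`/`alt_max_param_len` limits and `ayt_attack_thresh 200`, along with telnet normalization. The same applies to the smtp, dcerpc and dns hunks that follow, which drop the `alt_max_command_line_len` limits, the `max_frag_size`/`memcap` settings and `enable_rdata_overflow`. The surviving comment `# This is consistent with the FTP rules as of 18 Sept 2004.` now describes configuration that is inactive; I would add `# NOTE: ftp_telnet disabled - FTP/telnet rules see un-normalized traffic` above the block and record which rule categories were reviewed for dependence on these preprocessors. Rules that rely on the preprocessors' normalization or reassembly are likely easier to evade in this state, so the gap should be covered by another control or accepted explicitly.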
@@ -599,15 +599,15 @@
 # or use commandline option
 # --dynamic-preprocessor-lib
-preprocessor smtp: \
- ports { 25 } \
- inspection_type stateful \
- normalize cmds \
- normalize_cmds { EXPN VRFY RCPT } \
- alt_max_command_line_len 260 { MAIL } \
- alt_max_command_line_len 300 { RCPT } \
- alt_max_command_line_len 500 { HELP HELO ETRN } \
- alt_max_command_line_len 255 { EXPN VRFY }
+#preprocessor smtp: \
+# ports { 25 } \
+# inspection_type stateful \
+# normalize cmds \
+# normalize_cmds { EXPN VRFY RCPT } \
+# alt_max_command_line_len 260 { MAIL } \
+# alt_max_command_line_len 300 { RCPT } \
+# alt_max_command_line_len 500 { HELP HELO ETRN } \
+# alt_max_command_line_len 255 { EXPN VRFY }
 # sfPortscan
 # ----------
@@ -759,10 +759,10 @@
 # or use commandline option
 # --dynamic-preprocessor-lib
-preprocessor dcerpc: \
- autodetect \
- max_frag_size 3000 \
- memcap 100000
+#preprocessor dcerpc: \
+# autodetect \
+# max_frag_size 3000 \
+# memcap 100000
 # DNS
 #----------------------------------------
@@ -778,9 +778,9 @@
 # or use commandline option
 # --dynamic-preprocessor-lib
-preprocessor dns: \
- ports { 53 } \
- enable_rdata_overflow
+#preprocessor dns: \
+# ports { 53 } \
+# enable_rdata_overflow
 ####################################################################
 # Step #4: Configure output plugins