Project

General

Profile

Actions

Bug #15222

closed

HTTP_Inspect Preprocessor Engine: wrong legend on parameters

Added by Ronald Antony 10 months ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Snort
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
2.7.2
Affected Plus Version:
Affected Architecture:

Description

Server Flow Depth has the following legend:

Amount of HTTP server response payload to inspect. Minimum is -1 and maximum is 65535. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 1460.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (1460)* .

The recommended setting, if truly the max. is recommended, should read 65535 not 1460.

Similarly, but opposite:

Client Flow Depth has the following legend:

Amount of raw HTTP client request payload to inspect. Minimum is -1 and maximum is 1460. -1 disables HTTP inspect and 0 enables all HTTP inspect. Default is 65535.
Snort's performance may increase by adjusting this value. Setting this value too low may cause false negatives. Values above 0 are specified in bytes. *Recommended setting is maximum (65535)* .

The recommended setting exceeds the maximum of 1460, and thus, if truly the max. is recommended, should read 1460 not 65535

Actions

Also available in: Atom PDF