Change max_client_bytes in SSH preprocessor

IDS/IPS
Log in to reply
  • A

    Hi,

    How to change max_client_bytes in SSH preprocessor? If I put that in Advanced Configuration Pass-Through

    preprocessor ssh:
            max_client_bytes 19600

    Then SNORT won't start up. Probably because I have duplicated preprocessor ssh: with the one provided by pfsense. I tried disabling SSH altogether and putting it again but snort also refuses to come back up.

    pfsense version is 2.4.2-RELEASE-p1 and SNORT is 2.9.9.0

    Thanks!
    Michał

    0
  • bmeeks

    @alchemyx:

    Hi,

    How to change max_client_bytes in SSH preprocessor? If I put that in Advanced Configuration Pass-Through

    preprocessor ssh:
            max_client_bytes 19600

    Then SNORT won't start up. Probably because I have duplicated preprocessor ssh: with the one provided by pfsense. I tried disabling SSH altogether and putting it again but snort also refuses to come back up.

    pfsense version is 2.4.2-RELEASE-p1 and SNORT is 2.9.9.0

    Thanks!
    Michał

    At the moment that is not a configurable parameter within the GUI.  And using the Advanced Passthrough feature doesn't work with preprocessors because of how the internal GUI code works for now.

    I will add this parameter to the next Snort GUI update.  I'm working on some other Snort updates and hope to get an updated package posted in a couple of weeks or so.

    Bill

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy