#usr/lib/snort_dynamicengine/libsf_engine.so.0
#usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
usr/lib/snort_dynamicpreprocessor
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0
+#usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0.0.0
#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
-usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0
#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0
#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0
#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
-#usr/man/man8/snort.8
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
+usr/lib/snort_dynamicrules
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.a
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0
+#usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0
usr/sbin/snort
+#usr/share/doc/snort
+#usr/share/doc/snort/AUTHORS
+#usr/share/doc/snort/BUGS
+#usr/share/doc/snort/CREDITS
+#usr/share/doc/snort/INSTALL
+#usr/share/doc/snort/NEWS
+#usr/share/doc/snort/PROBLEMS
+#usr/share/doc/snort/README
+#usr/share/doc/snort/README.ARUBA
+#usr/share/doc/snort/README.FLEXRESP
+#usr/share/doc/snort/README.FLEXRESP2
+#usr/share/doc/snort/README.INLINE
+#usr/share/doc/snort/README.PLUGINS
+#usr/share/doc/snort/README.PerfProfiling
+#usr/share/doc/snort/README.SMTP
+#usr/share/doc/snort/README.UNSOCK
+#usr/share/doc/snort/README.WIN32
+#usr/share/doc/snort/README.alert_order
+#usr/share/doc/snort/README.asn1
+#usr/share/doc/snort/README.csv
+#usr/share/doc/snort/README.database
+#usr/share/doc/snort/README.dcerpc
+#usr/share/doc/snort/README.decode
+#usr/share/doc/snort/README.decoder_preproc_rules
+#usr/share/doc/snort/README.dns
+#usr/share/doc/snort/README.event_queue
+#usr/share/doc/snort/README.flow
+#usr/share/doc/snort/README.flow-portscan
+#usr/share/doc/snort/README.flowbits
+#usr/share/doc/snort/README.frag3
+#usr/share/doc/snort/README.ftptelnet
+#usr/share/doc/snort/README.gre
+#usr/share/doc/snort/README.http_inspect
+#usr/share/doc/snort/README.ipip
+#usr/share/doc/snort/README.ipv6
+#usr/share/doc/snort/README.pcap_readmode
+#usr/share/doc/snort/README.ppm
+#usr/share/doc/snort/README.sfportscan
+#usr/share/doc/snort/README.ssh
+#usr/share/doc/snort/README.ssl
+#usr/share/doc/snort/README.stream4
+#usr/share/doc/snort/README.stream5
+#usr/share/doc/snort/README.tag
+#usr/share/doc/snort/README.thresholding
+#usr/share/doc/snort/README.variables
+#usr/share/doc/snort/README.wireless
+#usr/share/doc/snort/TODO
+#usr/share/doc/snort/USAGE
+#usr/share/doc/snort/WISHLIST
+#usr/share/doc/snort/generators
+#usr/share/man/man8/snort.8
var/log/snort
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
var RULE_PATH /etc/snort/rules
+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
###################################################
# Do NOT Edit past this line
###################################################
config detection: search-method lowmem
preprocessor flow: memcap 2097152, stats_interval 0, hash 2
-preprocessor frag2: memcap 2097152
+#preprocessor frag2: memcap 2097152
+preprocessor frag3_global: max_frags 65536
+preprocessor frag3_engine: policy first detect_anomalies
preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble: noalerts
-preprocessor http_inspect: global iis_unicode_map unicode.map 1252
-preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+# preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+# preprocessor http_inspect_server: server default profile all ports { 80 8080 }
preprocessor rpc_decode: 111 32771
preprocessor bo
-preprocessor telnet_decode
+#preprocessor telnet_decode
+preprocessor ftp_telnet: global \
+ encrypted_traffic yes \
+ inspection_type stateful
+preprocessor ftp_telnet_protocol: telnet \
+ normalize \
+ ayt_attack_thresh 200
+preprocessor ftp_telnet_protocol: ftp server default \
+ def_max_param_len 100 \
+ alt_max_param_len 200 { CWD } \
+ cmd_validity MODE < char ASBCZ > \
+ cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
+ chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
+ telnet_cmds yes \
+ data_chan
+preprocessor ftp_telnet_protocol: ftp client default \
+ max_resp_len 256 \
+ bounce yes \
+ telnet_cmds yes
preprocessor flow-portscan: \
scoreboard-memcap-talker 1048576 \
scoreboard-rows-talker 10000 \