preprocessor normalize_ip4
preprocessor normalize_tcp: ips ecn stream
preprocessor normalize_icmp4
-preprocessor normalize_ip6
-preprocessor normalize_icmp6
# Target-based IP defragmentation. For more inforation, see README.frag3
preprocessor frag3_global: max_frags 65536
telnet_cmds yes
# SMTP normalization and anomaly detection. For more information, see README.SMTP
-reprocessor smtp: ports { 25 465 587 691 } \
+preprocessor smtp: ports { 25 465 587 691 } \
inspection_type stateful \
enable_mime_decoding \
max_mime_depth 20480 \
xlink2state { enabled }
# Portscan detection. For more information, see README.sfportscan
- preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium }
+preprocessor sfportscan: proto { all } memcap { 10000000 } sense_level { medium }
# ARP spoof detection. For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor
# preprocessor arpspoof