Re: [Snort-users] Stream5 question
This is a discussion on Re: [Snort-users] Stream5 question within the Snort forums, part of the System Security and Security Related category; Hi all, I should also mention that I tested this issue with the newest version of Snort. However, I had ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-08-2008
|
|||
|
|||
Re: [Snort-users] Stream5 question
Hi all,
I should also mention that I tested this issue with the newest version of Snort. However, I had to send the packet (with invalid sequence and ack numbers) repeatedly 3 times (to Snort) before Snort passed one of the packets down to the detection engine ( I wrote a rule to check this) Thanks, On Tue, Apr 8, 2008 at 2:12 AM, tung tran <tunghack@gmail.com> wrote: > Hi all, > My question is: "is is true that even though Stream5 preprocessor is > on (with necessary directives set), Snort always passes a packet down > to the detection engine even though the packet has invalid sequence > number/ acknowledge number which is not expected by the receiver and > the packet is normally discarded by the receiver ?". Is there a way to > tell Snort not to passes packets with invalid sequence/acknowledge > numbers down to the detection engine? I tested this with the newest > version of Snort. > Thanks, > Tung. > ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Register now and save $200. Hurry, offer ends at 11:59 p.m., Monday, April 7! Use priority code J8TLD2. http://ad.doubleclick.net/clk;198757...un.com/javaone _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
