Re: [Snort-users] Stream5 question

Please, no one ....?

On Tue, Apr 8, 2008 at 2:29 AM, tung tran <tunghack@gmail.com> wrote:
> Hi all,
> I should also mention that I tested this issue with the newest version
> of Snort. However, I had to send the packet (with invalid sequence and
> ack numbers) repeatedly 3 times (to Snort) before Snort passed one of
> the packets down to the detection engine ( I wrote a rule to check
> this)
> Thanks,
>
>
>
> On Tue, Apr 8, 2008 at 2:12 AM, tung tran <tunghack@gmail.com> wrote:
> > Hi all,
> > My question is: "is is true that even though Stream5 preprocessor is
> > on (with necessary directives set), Snort always passes a packet down
> > to the detection engine even though the packet has invalid sequence
> > number/ acknowledge number which is not expected by the receiver and
> > the packet is normally discarded by the receiver ?". Is there a way to
> > tell Snort not to passes packets with invalid sequence/acknowledge
> > numbers down to the detection engine? I tested this with the newest
> > version of Snort.
> > Thanks,
> > Tung.
> >
>

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users