[Snort-devel] ip datagram checksum

Fyodor fygrave at ...1...
Fri Sep 29 17:54:01 EDT 2000


~ :Snort doesn't check the checksum, this can be a somewhat expensive operation
~ :for each packet.  OTOH, it really should be checked to avoid insertion attacks
~ :on the defragger and stream reassembler.  Probably something we should think
~ :hard about adding soon...
~ :

 We can make it available optionally as plugin. For defragmentation and
tcp stream reassembly it should be a must though, otherwise evasion would
become too easy...




More information about the Snort-devel mailing list