[Snort-devel] ip datagram checksum
fygrave at ...1...
Fri Sep 29 17:54:01 EDT 2000
~ :Snort doesn't check the checksum, this can be a somewhat expensive operation
~ :for each packet. OTOH, it really should be checked to avoid insertion attacks
~ :on the defragger and stream reassembler. Probably something we should think
~ :hard about adding soon...
We can make it available optionally as plugin. For defragmentation and
tcp stream reassembly it should be a must though, otherwise evasion would
become too easy...
More information about the Snort-devel