[Snort-devel] stream4 feature request?

Jon Hart jhart at ...1288...
Wed Apr 24 11:49:07 EDT 2002


'afternoon,

As per some traffic on #snort, I've been giving the CVS version of 1.9 a go
on my sensor.  

While I can't say I've seen any bugs, one thing that would make testing
easier would be the ability to turn individual stream4/frag2 tests on or
off.  I could only manage to find a handful of such options.  

For example, if the focus was currently on ttl tweakage in IDS evasion, it
would be cool to use stream4 to detect ttl evasion and ttl evasion only.

i.e.,

preprocessor stream4: none ttl_evasion

....would get me just the ttl_evasion checks.  

I know something like this may require large code revamps, anything to help
make testing more efficient would be cool.

-jon




More information about the Snort-devel mailing list