[Snort-devel] stream4 possible bug

Jon Hart jhart at ...1288...
Wed Apr 24 12:02:12 EDT 2002


I tested the CVS version of snort from monday for about 24 hours.  Because
of resource limitations, I had a choice of either running 1.8.6 on the
sensor or the CVS version -- not both.  Since it is the main sensor, I had
to keep things a bit sane.  

What it came down to was me simply using the stream4 preprocessor with no
options.  However, I still seemed to be getting boatloads of stream4 alerts
despite me thinking that they were all disabled.  Unfortunately I do not
have any of the alerts that were generated during that time as my database
and I had a bit of a disagreement.  

When the stream4 preprocessor is use without options, what should we expect
to be detect?  (this is very similar to my previous email)

keep up the good work,

-jon

(PS.  Do you think simply replacing my 1.8.6 processes with the CVS
versions is sufficient for testing?  Or should I be firing fragroute(r) at
our entire infrastructure? :) )






More information about the Snort-devel mailing list