[Snort-devel] stream4 possible bug

Jon Hart jhart at ...1288...
Wed Apr 24 12:02:12 EDT 2002

I tested the CVS version of snort from monday for about 24 hours.  Because
of resource limitations, I had a choice of either running 1.8.6 on the
sensor or the CVS version -- not both.  Since it is the main sensor, I had
to keep things a bit sane.  

What it came down to was me simply using the stream4 preprocessor with no
options.  However, I still seemed to be getting boatloads of stream4 alerts
despite me thinking that they were all disabled.  Unfortunately I do not
have any of the alerts that were generated during that time as my database
and I had a bit of a disagreement.  

When the stream4 preprocessor is use without options, what should we expect
to be detect?  (this is very similar to my previous email)

keep up the good work,


(PS.  Do you think simply replacing my 1.8.6 processes with the CVS
versions is sufficient for testing?  Or should I be firing fragroute(r) at
our entire infrastructure? :) )

More information about the Snort-devel mailing list