[Snort-devel] stream4 feature request?
cmg at ...402...
Thu Apr 25 07:56:03 EDT 2002
Jon Hart <jhart at ...1288...> writes:
> As per some traffic on #snort, I've been giving the CVS version of 1.9 a go
> on my sensor.
> While I can't say I've seen any bugs, one thing that would make testing
> easier would be the ability to turn individual stream4/frag2 tests on or
> off. I could only manage to find a handful of such options.
> For example, if the focus was currently on ttl tweakage in IDS evasion, it
> would be cool to use stream4 to detect ttl evasion and ttl evasion only.
Yes, after real world usage and having a reason for the stream
assembler to really alert, we will have to do this and have a
"ignore_common" or something like that option
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.
More information about the Snort-devel