[Snort-devel] Removal of flags A+ in favor of established
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Mon May 20 13:50:03 EDT 2002
Well, figures that I just nuked most of my dev database... But here are
the two I have left:
(spp_stream4) TCP CHECKSUM CHANGED ON RETRANSMISSION (possible fragroute)
(spp_stream4) TCP TOO FAST RETRANSMISSION WITH DIFFERENT DATA SIZE (possible
From: Chris Green [mailto:cmg at ...402...]
Sent: Monday, May 20, 2002 3:38 PM
To: Kreimendahl, Chad J
Cc: 'snort-devel at lists.sourceforge.net'
Subject: Re: [Snort-devel] Removal of flags A+ in favor of established
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:
> Asynchlink question...
> Nope, we actually don't, but it seemed to be the only way to avoid the
> large burden of several evasion alerts that were actually not evasions
> (our firewall or core router causes most of them to happen).
Evasion alerts from what? What's the prefix? :-)
Anyway, I have now added internal_alerts option to http_decode if you want
alerts from the http decoder. That's being worked on as well. It's noisier
than the old one :)
Chris Green <cmg at ...402...>
Fame may be fleeting but obscurity is forever.