[Snort-devel] Removal of flags A+ in favor of established
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Tue May 21 08:19:03 EDT 2002
Everything appears wonderful now. The only thing I notice that anyone may
(spp_stream4) TTL EVASION (reassemble) detection
When I first start up snort on a large pipe, I'll get a few of these. It's
a short burst of them (10-20 in my tests), that doesn't happen again (or
hasn't happened again in the 10 minutes I've had it running).
I tested this by starting up 147 on a few of our other interfaces, and had
similar results. This may just relate to our TTL... Our minTTL is 1 and our
TTL Limit is 5.
From: Chris Green
Sent: Tuesday, May 21, 2002 9:51 AM
To: Kreimendahl, Chad J
Cc: 'snort-devel at lists.sourceforge.net'
Subject: Re: [Snort-devel] Removal of flags A+ in favor of established
Changed. Disable evasion alerts should do the right thing for you now
Chris Green <cmg at ...402...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
More information about the Snort-devel