[Snort-devel] Header mixup Bug in Snort 2.0?
ajlill at ...267...
Mon Jun 23 06:32:08 EDT 2003
Worse than that, it will also stitch together packets from different
TCP streams, and then alert on them. Check the dumps on all your
'Gnutella GET' errors. I get lots with, say, a couple of web requests
and part of a mail message all supposedly from the same
Tony Lill, Tony.Lill at ...551...
President, A. J. Lill Consultants fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2 (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"
>>>>> "Erik" == Erik Norman <erik.norman at ...2028...> writes:
Erik> Hi all,
Erik> I've run across some faulty reporting, where a certain packet correctly
Erik> generates an alarm, but where the header information (IP, ports etc) is
Erik> from another packet! It's a Bad Thing. Since I also have a complete
Erik> tcpdump log of everything, I feel rather sure what I'm talking about.