[Snort-devel] help I'm stuck inside spp_stream4.c and can't get out.

Chris Green cmg at ...402...
Mon Jun 30 08:10:01 EDT 2003


"Mike Chandler" <mchandl1 at ...1977...> writes:

>
> O.K.  I'm probably going to get rightously flamed for this email but
> I'm running out of time and I need to ask someone.  I'm a SANS GCIA
> student, trying to prepare my paper for a GIAC certification.  I
> thought I would write about the Integer Overflow in Stream4 (remember
> http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10)?
> It seemed like a good example to hold up and show people why they need
> use a receive only cable on their IDS.  If someone can find an
> overflow in a well written program like Snort, then using a tap or
> receive only cable is only sensible.

TAP + non-routed management network.
-- 
Chris Green <cmg at ...402...>
Don't use a big word where a diminutive one will suffice.




More information about the Snort-devel mailing list