[Snort-devel] snort v2 pb

Chris Green cmg at ...402...
Fri May 9 08:46:05 EDT 2003

rmkml <rmkml at ...1042...> writes:

> Is there a fix for that pb ?

It's a minor problem. The fact is it is a truncated TCP header.

> and fix for icmp large packet ?

That's rule ordering in 2.0.  The work around is to add a specific
itypes which are processed before the generic rules for ICMP.  All
generic ICMP rule (those w/o itypes) will take place before ones

> and fix for multiple acked packets ?

I don't recall this one.

> and fix for tcp flags ECE/CWR ?

That's an improvement, since you can represet things as 12.
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

More information about the Snort-devel mailing list