[Snort-devel] snort v2 pb

rmkml rmkml at ...1042...
Fri May 9 08:55:10 EDT 2003


Chris Green wrote:

> rmkml <rmkml at ...1042...> writes:
>
> > Is there a fix for that pb ?
>
> It's a minor problem. The fact is it is a truncated TCP header.
>
> > and fix for icmp large packet ?
>
> That's rule ordering in 2.0.  The work around is to add a specific
> itypes which are processed before the generic rules for ICMP.  All
> generic ICMP rule (those w/o itypes) will take place before ones
> without.
>
> > and fix for multiple acked packets ?
>
> I don't recall this one.

http://www.pantek.com/library/linux/lists/snort.org/snort-devel/msg00305.html

>
>
> > and fix for tcp flags ECE/CWR ?
>
> That's an improvement, since you can represet things as 12.

can you explain ?


Thanks.





More information about the Snort-devel mailing list