[Snort-devel] 'established' with Snort 2.x on openbsd

Chris Green cmg at ...81...
Fri Apr 2 06:59:05 EST 2004


Jon Hart <warchild at ...1775...> writes:

> So, I'm either going to hack xl(4) to disable the checksums or just swap
> to other cards in the system.

You can also turn off checksumming for snort.  Even nicer would be to
modify it to do that for only particular IPs (since normally only 1
machine in your network is having that problem when it's the source of
the traffic).

If you are only doing read back analysis, netdude (netdude.sf.net)
contains a plugin that will fix checksums that works quite well.
Heck, if you don't want to do that, that project deserves a
periodic plug.
-- 
Chris Green <cmg at ...2257...>
Chicken's thinkin'
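
An added example, not part of the original message and not Snort code: a sketch of the per-IP idea above, where checksum verification is skipped only for listed source addresses and enforced for everyone else. It is narrowed to the IPv4 header checksum; the names `accept`, `EXEMPT_SOURCES` and `build_header` and all addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# Hypothetical exemption list: the one host whose outbound packets
# are captured with bad checksums (constructed address).
EXEMPT_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_header_ok(packet: bytes) -> bool:
    """A valid header, summed with its checksum field included, yields 0."""
    if len(packet) < 20:
        return False
    ihl = (packet[0] & 0x0F) * 4
    return 20 <= ihl <= len(packet) and internet_checksum(packet[:ihl]) == 0

def accept(packet: bytes, exempt=EXEMPT_SOURCES) -> bool:
    """Skip verification for exempt sources only; verify all others."""
    if len(packet) < 20:
        return False
    src = ipaddress.ip_address(packet[12:16])
    if any(src in net for net in exempt):
        return True
    return ip_header_ok(packet)

def build_header(src: str, dst: str, checksum=None) -> bytes:
    """Constructed 20-byte IPv4 header; checksum=None fills in the right one."""
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0x4000, 64, 6, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed))
    value = internet_checksum(bytes(hdr)) if checksum is None else checksum
    struct.pack_into("!H", hdr, 10, value)
    return bytes(hdr)

if __name__ == "__main__":
    samples = {
        "exempt host, bad checksum": build_header("192.0.2.10", "192.0.2.20", 0),
        "other host, bad checksum": build_header("192.0.2.30", "192.0.2.20", 0),
        "other host, good checksum": build_header("192.0.2.30", "192.0.2.20"),
    }
    for label, pkt in samples.items():
        print(f"{label}: {'analyze' if accept(pkt) else 'drop'}")
```

Keeping the exemption to source addresses means a corrupted or deliberately malformed packet from any other host is still rejected rather than analyzed.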




