[Snort-devel] Stream4 - Random Flush points

Daniel Roelker droelker at ...402...
Tue Oct 5 07:22:05 EDT 2004


It's so attackers can't predict where we flush a stream, allowing them
to break the attack across two reassembled packets and evade rule
detection.

Dan

On Tue, 2004-10-05 at 05:55, Dennis George wrote:
> 
> Hi all,
> 
> Can anybody tell me why a random flush point is taken in Snort... why don't we use some static flush points...
> 
> I am talking about spp_stream4.c file... In this to flush a stream it is checked with a flush_point stored in the session which is randomly chosen...
> 
> Thanks in advance.
> 
> Dennis
> 
-- 
Daniel Roelker
Lead Snort Developer
Sourcefire, Inc.
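
The effect described in the reply above, as an added example (a simplified model, not code from spp_stream4.c or the Snort project): each flushed buffer is inspected on its own, and the program counts how many flush points cut a signature in two. The signature `MARK`, the 512-byte stream, the flush values 128 and 100..199, and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed 4-byte signature that a content rule would match on. */
static const char SIG[] = "MARK";

/* Scan one reassembled buffer for the signature. */
static int buf_has_sig(const char *buf, size_t len) {
    size_t n = strlen(SIG);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, SIG, n) == 0) return 1;
    return 0;
}

/* Simplified model (assumption): flush every flush_point bytes and inspect
 * each flushed buffer on its own. Returns 1 if any buffer holds SIG. */
static int detected(const char *stream, size_t len, size_t flush_point) {
    for (size_t off = 0; off < len; off += flush_point) {
        size_t chunk = len - off < flush_point ? len - off : flush_point;
        if (buf_has_sig(stream + off, chunk)) return 1;
    }
    return 0;
}

/* Place SIG at sig_off in a 512-byte stream and count how many flush
 * points in [lo, hi] cut it in two, so that no buffer matches. */
static int misses_in_range(size_t sig_off, size_t lo, size_t hi) {
    char stream[512];
    int misses = 0;
    memset(stream, '.', sizeof stream);
    memcpy(stream + sig_off, SIG, strlen(SIG));
    for (size_t fp = lo; fp <= hi; fp++)
        if (!detected(stream, sizeof stream, fp)) misses++;
    return misses;
}

int main(void) {
    /* Static flush point 128, signature at bytes 126..129: always missed. */
    printf("static 128:      missed %d of 1\n", misses_in_range(126, 128, 128));
    /* Same placement, flush point unknown within 100..199: rarely missed. */
    printf("random 100..199: missed %d of 100\n", misses_in_range(126, 100, 199));
    return 0;
}
```

With a static flush point the boundary is known in advance and the straddling placement is missed every time; when the flush point is one of 100 possible values, only the 3 values that fall inside the signature produce a miss.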




