[Snort-devel] Stream4 - Random Flush points

Daniel Roelker droelker at ...402...
Tue Oct 5 07:22:05 EDT 2004

It's so attackers can't predict where we flush a stream, allowing them
to break the attack across two reassembled packets and evade rule


On Tue, 2004-10-05 at 05:55, Dennis George wrote:
> Hi all,
> Can anybody tell me that why a random flush point is taken in snort..... why don't we use some static flush points.....
> I am talking about spp_stream4.c file... In this to flush a stream it is checked with a flush_point stored in the session which is randomly chosen...
> Thanks in advance.
> Dennis
> ---------------------------------
> Do you Yahoo!?
> New and Improved Yahoo! Mail - 100MB free storage!
Daniel Roelker
Lead Snort Developer
Sourcefire, Inc.

More information about the Snort-devel mailing list