[Snort-devel] tought it would have been implemented
eric.lauzon at ...1967...
Mon Jun 20 13:49:41 EDT 2005
Nice to see that snort is still vulnerable to udp fragmentation.
I had in mind that it has been corrected in 2.X but it seem as if its
blind as a grand grand mother when udp is fragmented, then it will
discard,drop without inspection since the nice fragments will timeout.
So all rules for udp need to be re-writen for udp fragmentation ;)
More information about the Snort-devel