[Snort-devel] thought it would have been implemented

Eric Lauzon eric.lauzon at ...1967...
Mon Jun 20 13:49:41 EDT 2005


Nice to see that snort is still vulnerable to udp fragmentation.

I had in mind that it had been corrected in 2.X, but it seems as if it's
blind as a grand grand mother when UDP is fragmented; then it will
likely discard, drop without inspection since the nice fragments will time out.

So all rules for UDP need to be rewritten for UDP fragmentation ;)

-elz




