[Snort-devel] tought it would have been implemented

Martin Roesch roesch at ...402...
Mon Jun 27 06:28:09 EDT 2005


There's not enough information to really tell what you're complaining  
about here.  Are you referring to the IP defragmenter and if so, are  
you talking about frag2 or frag3?  If you're talking about some other  
type of "UDP fragmentation" could you be more specific?  Care to read  
the BUGS file and submit a proper report?

       -Marty

On Jun 20, 2005, at 4:48 PM, Eric Lauzon wrote:

> Nice to see that snort is still vulnerable to udp fragmentation.
>
> I had in mind that it has been corrected in 2.X but it seem as if its
> blind as a grand grand mother when udp is fragmented, then it will
> likely
> discard,drop without inspection since the nice fragments will timeout.
>
> So all rules for udp need to be re-writen for udp fragmentation ;)
>
> -elz
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Network Defense for the Real World - http:// 
www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http:// 
www.snort.org







More information about the Snort-devel mailing list