[Snort-devel] wrong checksum alerts

Mike Poor mike at ...2738...
Tue Nov 1 05:44:38 EST 2005


Yes, the -k option.  I recommend against doing this, as if Snort accepts 
packets with an invalid checksum (IP or embedded protocol), it would be 
subject to an insertion attack (see Ptacek and Newsham's paper on evasion 
and insertion attacks).

Mike Poor

--On Wednesday, October 19, 2005 11:49 AM +0530 Sumit Siddharth 
<sumit.siddharth at ...2499...> wrote:

> Dear List,
> I have noticed that snort simply ignores the packet with wrong tcp
> checksum without giving an alert
> Is there any option available to throw this alert.
> Thanks
> Sumit
>
> --
> Sumit Siddharth
> Btech--IIT Kanpur
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>








More information about the Snort-devel mailing list