[Snort-devel] [Snort-users] 2.9.0.1 performance issue

matan monitz mmonitz at ...2499...
Thu Nov 18 12:17:44 EST 2010


point taken, thanks
my fault for misunderstanding recent announcements

On Thu, Nov 18, 2010 at 7:07 PM, Russ Combs <rcombs at ...402...> wrote:

>
>
> On Thu, Nov 18, 2010 at 11:26 AM, L0rd Ch0de1m0rt <
> l0rdch0de1m0rt at ...2499...> wrote:
>
>> Hello.  To be clear, there is no fix for the "http_inspect\stream
>> reassembly" bug at the moment (if there is a fix in SVN, let me know
>> so I can take action here b/c this is seriously a non-trivial bug for
>> me).  Apparently it is an issue with Stream5 having premature buffer
>> flushing issues.
>>
>> Government/Critical Infrastructure companies take note: this bug leads
>> to easy IDS/IPS evasion and this issue, "predates Snort 2.9.0"
>> according to Sourcefire.
>>
>
> The reassembly fix is in the next release which is going through QA now and
> will be released "soon".  Sorry I can't give you an exact date.
>
> Also note that actual evasion depends on the timing of acknowledgements
> from target to attacking host and so it isn't always "easy".
>
>
>
>>
>> -L0rd C.
>>
>> On Thu, Nov 18, 2010 at 10:09 AM, matan monitz <mmonitz at ...2499...> wrote:
>> > sounds related to the http_inspect\stream reassembly bugfix
>> >
>>
>>
>> ------------------------------------------------------------------------------
>> Beautiful is writing same markup. Internet Explorer 9 supports
>> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
>> Spend less time writing and  rewriting code and more time creating great
>> experiences on the web. Be a part of the beta today
>> http://p.sf.net/sfu/msIE9-sfdev2dev
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20101118/8d6106d7/attachment.html>


More information about the Snort-devel mailing list