[Snort-users] beta 6 available

Martin Roesch roesch at ...421...
Tue Nov 28 19:17:43 EST 2000


Ok, beta 6 is in CVS.  I've tweaked the memory management for the IP defragger
a bit and added in some code to clear out old fragments more
quickly/efficiently.  I think that there may be a small memory leak in there
that I can't find, so if some of you guys with big nets could give it a try
I'd appreciate it.

The defragger also checks IP checksums now, so insertion attacks against it
should fail.  I also added in some new fragment counters so you can see what
the disposition of frags are coming out of the program (or it'll dump current
packet stats to the console if you hit it with a SIGUSR1).

I also tweaked the PID file generation stuff so that it should work better
(e.g. not core immediately) on Solaris 7 (tested on my home setup).

There are some other little tweaks as well, so check it out and let us know
how it's working.

CAVEAT: This is beta code, so don't blow away your functioning Snort setup
with this just yet... :)

     -Marty

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org



More information about the Snort-users mailing list