[Snort-users] Re: Snort swapping src and dst in binary log?

Tony Lill ajlill at ...9635...
Thu Jul 10 05:20:22 EDT 2003


I've seen it for quite a while, and it's not just in writing the
binary log files. I usually see HTTP requests stitched into mail
streams. I even submitted a bug report. You'd think you'd see more
concern about a bug that renders all of Snort's reports suspect.

I'm guessing that there's a problem with stream re-assembly. Perhaps
comment out all the pre-processors, and if that's OK, add them
back one at a time.
--
Tony Lill,                         Tony.Lill at ...1685...
President, A. J. Lill Consultants        fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2     (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"



