FW: [Snort-users] Bug: snort-2.2.0 appears to be merging separate streams (was: Incorrect payload on acid alerts)
Jason.Haar at ...294...
Sat Nov 13 13:19:05 EST 2004
snortman at ...8908... wrote:
>I also think it's related to stream4. I have seen it happen to my sensor
>with http_inspect disabled.
>I am using snort 2.1.0, only updated rules up till now; should I update to
>2.1.3 or 2.2.0 to fix this problem?
>Has anyone seen this happen in version 2.1.3?
I've seen it with 2.2.0
>1. I am capturing traffic from 2 VLANS using port span.
>2. My traffic is pretty high.
>Could this be the cause?
Nope. I'm seeing it on my home snort install (yes, sad I know) - very
low traffic. In fact, it's the fact that it's low traffic that allowed
me to notice it. Such events happening on our work network are almost
impossible to notice. 10 events/day at home is a lot easier to parse by
eye than 2000+/day.