[Snort-users] Stream5 question

tung tran tunghack at ...11827...
Tue Apr 8 02:12:16 EDT 2008


Hi all,
My question is: "Is it true that even though the Stream5 preprocessor is
on (with necessary directives set), Snort always passes a packet down
to the detection engine even though the packet has an invalid sequence
number/acknowledge number which is not expected by the receiver and
the packet is normally discarded by the receiver?". Is there a way to
tell Snort not to pass packets with invalid sequence/acknowledge
numbers down to the detection engine? I tested this with the newest
version of Snort.
Thanks,
Tung.



