[Snort-users] Stream5 question
tunghack at ...11827...
Thu Apr 10 12:51:17 EDT 2008
Please, no one ....?
On Tue, Apr 8, 2008 at 2:29 AM, tung tran <tunghack at ...11827...> wrote:
> Hi all,
> I should also mention that I tested this issue with the newest version
> of Snort. However, I had to send the packet (with invalid sequence and
> ack numbers) repeatedly 3 times (to Snort) before Snort passed one of
> the packets down to the detection engine ( I wrote a rule to check
> On Tue, Apr 8, 2008 at 2:12 AM, tung tran <tunghack at ...11827...> wrote:
> > Hi all,
> > My question is: "is is true that even though Stream5 preprocessor is
> > on (with necessary directives set), Snort always passes a packet down
> > to the detection engine even though the packet has invalid sequence
> > number/ acknowledge number which is not expected by the receiver and
> > the packet is normally discarded by the receiver ?". Is there a way to
> > tell Snort not to passes packets with invalid sequence/acknowledge
> > numbers down to the detection engine? I tested this with the newest
> > version of Snort.
> > Thanks,
> > Tung.
More information about the Snort-users