[Snort-users] Stream5 question

tung tran tunghack at ...11827...
Thu Apr 10 12:51:17 EDT 2008


Please, no one ....?

On Tue, Apr 8, 2008 at 2:29 AM, tung tran <tunghack at ...11827...> wrote:
> Hi all,
>  I should also mention that I tested this issue with the newest version
>  of Snort. However, I had to send the packet (with invalid sequence and
>  ack numbers) repeatedly 3 times (to Snort) before Snort passed one of
>  the packets down to the detection engine ( I wrote a rule to check
>  this)
>  Thanks,
>
>
>
>  On Tue, Apr 8, 2008 at 2:12 AM, tung tran <tunghack at ...11827...> wrote:
>  > Hi all,
>  >  My question is: "is is true that even though Stream5 preprocessor is
>  >  on (with necessary directives set), Snort always passes a packet down
>  >  to the detection engine even though the packet has invalid sequence
>  >  number/ acknowledge number which is not expected by the receiver and
>  >  the packet is normally discarded by the receiver ?". Is there a way to
>  >  tell Snort not to passes packets with invalid sequence/acknowledge
>  >  numbers down to the detection engine? I tested this with the newest
>  >  version of Snort.
>  >  Thanks,
>  >  Tung.
>  >
>




More information about the Snort-users mailing list