[Snort-users] Fwd: stream5 reassembly and split-tcp handshaking
kungupanda at ...11827...
Wed Apr 27 08:27:48 EDT 2011
No responses received : (
Any insights from the community techies and/or the sourcefire guru's ?
---------- Forwarded message ----------
From: Kungu Panda <kungupanda at ...11827...>
Date: Mon, Apr 25, 2011 at 5:55 PM
Subject: stream5 reassembly and split-tcp handshaking
To: snort-users at lists.sourceforge.net
There has been a lot of press recently regarding exploits using tcp
split handshaking to evading IDS/IPS solutions:
(a) How does snort/stream5 handle split-tcp handshakes ?
(b) Does snort maintain correct flow directionality when
reassembling split-tcp sessions ?
(c) Are there signatures to detect attempts to establish split-tcp
More information about the Snort-users