[Snort-users] Frag3 and Stream5 Packet Reassembly for Both Windows and Linux

Dave Spatz davespatz at ...11827...
Fri Jun 10 11:30:56 EDT 2016


Hello,

Question on if I can have a single snort instance reassemble packets both
for Windows and Linux at the same time. I know I can get around this by
running separate instances if I must (one specifying only Windows or Linux)
or specify certain IP's/subnets for which is Windows vs. Linux but I have a
huge mixed subnet of both Linux and Windows and keeping track of them will
be a management nightmare.


Therefore for frag3/stream5:

1. Does snort allow for this and assuming no, would this available in Snort
3.x?
2. I assume that if I just chose Windows, Linux signatures would fail to
match, correct?

Thank you very much to anyone who can reply.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160610/2f5ae3a6/attachment.html>


More information about the Snort-users mailing list