[Snort-users] Frag3 and Stream5 Packet Reassembly for Both Windows and Linux
davespatz at ...11827...
Fri Jun 10 11:30:56 EDT 2016
Question on if I can have a single snort instance reassemble packets both
for Windows and Linux at the same time. I know I can get around this by
running separate instances if I must (one specifying only Windows or Linux)
or specify certain IP's/subnets for which is Windows vs. Linux but I have a
huge mixed subnet of both Linux and Windows and keeping track of them will
be a management nightmare.
Therefore for frag3/stream5:
1. Does snort allow for this and assuming no, would this available in Snort
2. I assume that if I just chose Windows, Linux signatures would fail to
Thank you very much to anyone who can reply.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users