
Re: [Snort-devel] Header mixup Bug in Snort 2.0?

From: Tony Lill <ajlill(at)ajlc.waterloo.on.ca>
Date: Fri Jun 20 2003 - 23:17:56 EDT


Worse than that, it will also stitch together packets from different TCP streams, and then alert on them. Check the dumps on all your 'Gnutella GET' errors. I get lots with, say, a couple of web requests and part of a mail message, all supposedly from the same conversation.

--
Tony Lill,                         Tony.Lill@AJLC.Waterloo.ON.CA
President, A. J. Lill Consultants        fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2     (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"

>>>>> "Erik" == Erik Norman writes:
Erik> Hi all,
Erik> I've run across some faulty reporting, where a certain packet correctly
Erik> generates an alarm, but where the header information (IP, ports etc.) is
Erik> from another packet! It's a Bad Thing. Since I also have a complete
Erik> tcpdump log of everything, I feel rather sure what I'm talking about.
Received on Mon Jun 23 09:53:48 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT

