Snort mailing list archives
Re: FW: Bug: snort-2.2.0 appears to be merging separate streams (was: Incorrect payload on acid alerts)
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sun, 14 Nov 2004 10:18:01 +1300
snortman () hotpop com wrote:
> I also think it's related to stream4. I have seen it happen to my sensor with http_inspect disabled. I am using snort 2.1.0, only updated rules up till now. Should I update to 2.1.3 or 2.2.0 to fix this problem? Has anyone seen this happen in version 2.1.3?
I've seen it with 2.2.0
> Additional info:
> 1. I am capturing traffic from 2 VLANs using port span.
> 2. My traffic is pretty high.
> Could this be the cause?
Nope. I'm seeing it on my home snort install (yes, sad I know) - very low traffic. In fact, it's the fact that it's low traffic that allowed me to notice it. Such events happening on our work network are almost impossible to notice. 10 events/day at home is a lot easier to parse by eye than 2000+/day.
Jason