Snort mailing list archives
Re: Snort 2.6.1.3 ignoring stream4
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 19 Apr 2007 15:12:58 -0400
If I am not mistaken we got Paul on the path yesterday and all is well
now. I wil let him provide
details if he feels it appropriate.
The culprit was a pair of old (circa 2.1) rules that had only a pcre: pattern. These combined with changes made to Snort's pcre functionality between 2.6.0 and 2.6.1 to cause the performance problem. Adding flow: conditions to these rules fixed the problem. If you're interested, I posted some more of the gory details on my blog: http://pmelson.blogspot.com PaulM ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort 2.6.1.3 ignoring stream4, (continued)
- Re: Snort 2.6.1.3 ignoring stream4 Adam Keeton (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Darryl Taylor (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 07)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 16)
- Re: Snort 2.6.1.3 ignoring stream4 Frank Knobbe (Apr 18)
- Re: Snort 2.6.1.3 ignoring stream4 Justin Heath (Apr 18)
- Message not available
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 19)
- Re: Snort 2.6.1.3 ignoring stream4 Nigel Houghton (Apr 19)