Snort mailing list archives

Re: [Snort-users] 2.9.0.1 performance issue

From: matan monitz <mmonitz () gmail com>
Date: Thu, 18 Nov 2010 19:17:44 +0200

point taken, thanks
my fault for misunderstanding recent announcements

On Thu, Nov 18, 2010 at 7:07 PM, Russ Combs <rcombs () sourcefire com> wrote:



On Thu, Nov 18, 2010 at 11:26 AM, L0rd Ch0de1m0rt <
l0rdch0de1m0rt () gmail com> wrote:

Hello.  To be clear, there is no fix for the "http_inspect\stream
reassembly" bug at the moment (if there is a fix in SVN, let me know
so I can take action here b/c this is seriously a non-trivial bug for
me).  Apparently it is an issue with Stream5 having premature buffer
flushing issues.

Government/Critical Infrastructure companies take note: this bug leads
to easy IDS/IPS evasion and this issue, "predates Snort 2.9.0"
according to Sourcefire.


The reassembly fix is in the next release which is going through QA now and
will be released "soon".  Sorry I can't give you an exact date.

Also note that actual evasion depends on the timing of acknowledgements
from target to attacking host and so it isn't always "easy".


-L0rd C.

On Thu, Nov 18, 2010 at 10:09 AM, matan monitz <mmonitz () gmail com> wrote:

sounds related to the http_inspect\stream reassembly bugfix



------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Current thread:

2.9.0.1 performance issue Frank Eberle (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue Matt Olney (Nov 18)
  - Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
    - Re: [Snort-users] 2.9.0.1 performance issue L0rd Ch0de1m0rt (Nov 18)
    - Re: [Snort-users] 2.9.0.1 performance issue Eoin Miller (Nov 18)
    - Re: [Snort-users] 2.9.0.1 performance issue Russ Combs (Nov 18)
    - Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
- Re: 2.9.0.1 performance issue Russ Combs (Nov 18)