Snort mailing list archives

Re: [snort-devel] sfportscan and SYN scan with data


From: Virgil Hemery <virgil.hemery () gmail com>
Date: Tue, 26 Apr 2011 19:39:41 +0200

I submit the following patch. It seems to work quite well but probably in a
wrong way. It updates the session flags of ACK packets that belong to a low
session but for which no TCP session has been created.

Looking forward to your reply.

--- snort_stream5_tcp.c.old    2011-04-26 19:31:12.000000000 +0200
+++ snort_stream5_tcp.c    2011-04-26 19:25:34.000000000 +0200
@@ -7496,6 +7496,11 @@
              * we missed).
              */
             /* Do nothing. */
+
+            GetLWPacketDirection(p,lwssn);
+            if(p->packet_flags & PKT_FROM_SERVER)
+                lwssn->session_flags |= SSNFLAG_SEEN_SERVER;
+
             PREPROC_PROFILE_END(s5TcpStatePerfStats);
             return ACTION_NOTHING | retcode;
         }
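Review bot: The "/* Do nothing. */" comment left as context directly above the added lines is now stale, because this branch calls GetLWPacketDirection(p,lwssn) and sets SSNFLAG_SEEN_SERVER in lwssn->session_flags. Replace it with a comment explaining why the flag is updated here even though no TCP session was created. The added check covers only PKT_FROM_SERVER, so say whether the client direction is deliberately left untouched or needs the matching update. GetLWPacketDirection appears to be called only for its effect on p->packet_flags, which is worth a one-line comment. As a style point, a space after "if" and after the comma in the argument list would read better.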