Snort mailing list archives
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission
From: Amm Snort <ammdispose-snort () yahoo com>
Date: Fri, 10 Aug 2012 00:09:48 +0800 (SGT)
Ok. I see there was cvs.snort.org once not anymore. Is there a way to get patch that went in 2.9.4 fixing this bug? May be its not sourcefire's policy to release whole 2.9.4 tree before being released but is it possible to get this particular patch? It will anyway be open source in a month or so. So may be it should be fine. Because i think this is a bit serious issue as it causes lot of inconvenience esp. if internet line is showing abt 5% packet loss. Thanks Amm.
________________________________ From: Joel Esler <jesler () sourcefire com> To: Russ Combs <rcombs () sourcefire com> Cc: Amm Snort <ammdispose-snort () yahoo com>; "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net> Sent: Thursday, 9 August 2012 9:25 PM Subject: Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission We don't release the roadmap of Snort ahead of time externally yet. While there isn't much that will affect installation and usage in 2.9.4, I will have to start talking about 2.9.5 ahead of time, as it's going to change a lot of things. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Aug 8, 2012, at 11:10 AM, Russ Combs <rcombs () sourcefire com> wrote:On Wed, Aug 8, 2012 at 11:04 AM, Amm Snort <ammdispose-snort () yahoo com> wrote: Thanks for quick response.I do not see 2.9.4 on snort.org. So I assume its not yet released.Correct - not out yet.Where do I see development version OR atleast its SVN changelog To know what new features/fixes can i expect and more to know existing bugs fixed in 2.9.4Unfortunately, that information is not available online.Amm.________________________________ From: Russ Combs <rcombs () sourcefire com> To: Amm Snort <ammdispose-snort () yahoo com> Cc: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net> Sent: Wednesday, 8 August 2012 8:19 PM Subject: Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission On Wed, Aug 8, 2012 at 8:18 AM, Amm Snort <ammdispose-snort () yahoo com> wrote: I believe "normalize_tcp" drops retry-SYNs because they do not match first SYN packet.So is there any work around for this? Or am I missing any configuration directive?We have already fixed this for the 2.9.4 release. The workaround for now is to disable normalize_tcp.
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Joel Esler (Aug 09)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 09)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 10)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 10)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)