Snort mailing list archives
Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission
From: Amm Snort <ammdispose-snort () yahoo com>
Date: Sat, 11 Aug 2012 00:14:09 +0800 (SGT)
Hello all, I am attaching a temporary workaround (one line patch). Do not know if this could be final fix. Do not know if this is right fix and do not know if it has any bad side effect. So use at your own risk. It atleast resolves (bypasses) the problem I described. Please do post if you think this has bad side effect or you have better solution. Thanks Amm.
________________________________ From: Amm Snort <ammdispose-snort () yahoo com> To: Joel Esler <jesler () sourcefire com>; Russ Combs <rcombs () sourcefire com> Cc: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net> Sent: Thursday, 9 August 2012 9:39 PM Subject: Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Ok. I see there was cvs.snort.org once not anymore. Is there a way to get patch that went in 2.9.4 fixing this bug? May be its not sourcefire's policy to release whole 2.9.4 tree before being released but is it possible to get this particular patch? It will anyway be open source in a month or so. So may be it should be fine. Because i think this is a bit serious issue as it causes lot of inconvenience esp. if internet line is showing abt 5% packet loss. Thanks Amm.
Attachment:
snort-2.9.3.1-syndrop.patch
Description:
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Joel Esler (Aug 09)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 09)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 10)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 10)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)