Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission

[Russ Combs <rcombs () sourcefire com>]

Here is the patch that will be in 294.

On Fri, Aug 10, 2012 at 12:14 PM, Amm Snort <ammdispose-snort () yahoo com>wrote:

> Hello all,
> I am attaching a temporary workaround (one line patch). Do not know if
> this could be final fix.
> Do not know if this is right fix and do not know if it has any bad side
> effect.
> So use at your own risk.
>
> It atleast resolves (bypasses) the problem I described.
>
> Please do post if you think this has bad side effect or you have better
> solution.
>
> Thanks
>
> Amm.
>
>   ------------------------------
> *From:* Amm Snort <ammdispose-snort () yahoo com>
> *To:* Joel Esler <jesler () sourcefire com>; Russ Combs <
> rcombs () sourcefire com>
> *Cc:* "snort-devel () lists sourceforge net" <
> snort-devel () lists sourceforge net>
> *Sent:* Thursday, 9 August 2012 9:39 PM
>
> *Subject:* Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream
> dropping SYN retransmission
>
> Ok. I see there was cvs.snort.org once not anymore.
>
> Is there a way to get patch that went in 2.9.4 fixing this bug?
>
> May be its not sourcefire's policy to release whole 2.9.4 tree before
> being released but is it possible to get this particular patch? It will
> anyway be open source in a month or so. So may be it should be fine.
>
> Because i think this is a bit serious issue as it causes lot of
> inconvenience esp. if internet line is showing abt 5% packet loss.
>
> Thanks
>
> Amm.
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!

Attachment: tcp-syn.diff
Description:

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!