Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Follow-up

From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 4 Mar 2003 23:08:10 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The preprocessors are "out of band" with the rules engine, the only interact through manipulation of the packet struct and data. The "fragmentation" we're talking about with this issue is RPC record fragmentation, not IP fragmentation, this is at the application layer, not the network layer. 

     -Marty

On Monday, March 3, 2003, at 03:40 PM, Slighter, Tim wrote:
In regards to the RCP overflow, is it possible to specify a "fragbits" option that does not specify a value of "0" ? 
or will the preprocessor override any values in the rules files?
- -- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 
Sourcefire: Enterprise-class Snort-based IDS Infrastructure
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+ZXgvqj0FAQQ3KOARAtkaAJwP27v6+EYOOZogfqLAlJ6oPqasTACZAW0E
isx/a0j6RMrMkZwCXSzYD+M=
=DbW7
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: