Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort swapping src and dst in binary log?

From: Tony Lill <ajlill () tardis ajlc waterloo on ca>
Date: Wed, 09 Jul 2003 14:23:26 -0400
I've seen it for quite a while, and it's not just in writing the
binary log files. I usually see http requests stitched into mail
streams. I even submitted a bug report. You'd think you'd see more
concern about a bug that renders all of snort's reports suspect.

I'm guessing that there's a problem with stream re-assembly, perhaps
if you comment out all the pre-processors, and if that's ok, add them
back one at a time.
--
Tony Lill,                         Tony.Lill () AJLC Waterloo ON CA
President, A. J. Lill Consultants        fax/data (519) 650 3571
539 Grand Valley Dr., Cambridge, Ont. N3H 2S2     (519) 241 2461
--------------- http://www.ajlc.waterloo.on.ca/ ----------------
"Welcome to All Things UNIX, where if it's not UNIX, it's CRAP!"


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: