Snort mailing list archives

Re: FW: Bug: snort-2.2.0 appears to be merging separate streams (was: Incorrect payload on acid alerts)


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sun, 14 Nov 2004 10:18:01 +1300

snortman () hotpop com wrote:

> I also think it's related to stream4. I have seen it happen to my sensor
> with http_inspect disabled.
>
> I am using snort 2.1.0, only updated rules up till now. Should I update to
> 2.1.3 or 2.2.0 to fix this problem?
> Has anyone seen this happen in version 2.1.3?


I've seen it with 2.2.0

> Additional info:
> 1. I am capturing traffic from 2 VLANS using port span.
> 2. My traffic is pretty high.
>
> Could this be the cause?

Nope. I'm seeing it on my home snort install (yes, sad I know) - very low traffic. In fact, it's the fact that it's low traffic that allowed me to notice it. Such events happening on our work network are almost impossible to notice. 10 events/day at home is a lot easier to parse by eye than 2000+/day.

Jason

