Snort mailing list archives
Possible Evasion in Snort Multi Pattern Algorithm
From: bmc () snort org
Date: Tue, 12 Jul 2005 09:39:22 -0400

The Sourcefire Vulnerability Research Team has discovered a bug in the default wu-manber multi-pattern algorithm in Snort. This vulnerability could allow an attacker to potentially evade Snort.

The Snort Team is currently working on the Snort 2.4 release, in which the default multi-pattern match algorithm will be Aho-Corasick. Until the next release of Snort is available, users can update their Snort configuration to use a different algorithm.

To update your Snort configuration, add the following line to snort.conf:

    config detection: search-method ac

Sincerely,
Brian Caswell
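
An added example, not part of the original post and not Snort's own tooling: a small audit that reads snort.conf text and reports whether the workaround line above is actually in effect. The function names, the "last directive wins" rule and the sample configurations are assumptions made for illustration; `include`d files are not followed.

```python
import re

# Active "config detection:" directive; its option list follows the colon.
DETECTION_RE = re.compile(r"^\s*config\s+detection\s*:\s*(.*)$", re.IGNORECASE)
METHOD_RE = re.compile(r"search-method\s+(\S+)", re.IGNORECASE)


def search_method(conf_text):
    """Return the search-method named by the last active directive, or None."""
    method = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # a '#' starts a comment in snort.conf
        directive = DETECTION_RE.match(line)
        if not directive:
            continue
        found = METHOD_RE.search(directive.group(1))
        if found:
            # Assumption: if the directive appears twice, the later one applies.
            method = found.group(1).rstrip(",").lower()
    return method


def audit(conf_text):
    """Classify a configuration against the advisory's workaround."""
    method = search_method(conf_text)
    if method is None:
        return ("DEFAULT", "no search-method set; on releases before 2.4 "
                           "the default wu-manber matcher is in use")
    if method == "ac":
        return ("OK", "search-method ac is set, as the advisory recommends")
    return ("REVIEW", "search-method is '%s', not the 'ac' value from the "
                      "advisory" % method)


# Constructed sample configurations (not taken from a real deployment).
SAMPLES = {
    "commented-out": "var HOME_NET any\n# config detection: search-method ac\n",
    "workaround":    "var HOME_NET any\nconfig detection: search-method ac  # VRT advisory\n",
    "other-method":  "config detection: search-method lowmem\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, reason = audit(text)
        print("%-14s %-8s %s" % (name, status, reason))
```

The commented-out case is the one worth checking for by hand as well: the line is present in the file, so a plain text search finds it, but Snort never reads it.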