Snort mailing list archives
Reassembled packets from Frag3 and Stream5
From: Rayne <hjazz6 () ymail com>
Date: Tue, 14 Oct 2008 01:42:51 -0700 (PDT)
Hi all,
I know that Frag3 reassembles IP fragments, and Stream5 reassembles TCP fragments. So are the reassembled packets
identical, i.e. in terms of payload? And wouldn't this increase the volume of traffic passed into the detection engine
and cause it to run slower, since there are now more packets to check against the rules?
Thank you.
Regards,
Rayne
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Reassembled packets from Frag3 and Stream5 Rayne (Oct 14)
- Re: Reassembled packets from Frag3 and Stream5 Matt Olney (Oct 14)
- <Possible follow-ups>
- Re: Reassembled packets from Frag3 and Stream5 Wu Wei Dong (Oct 14)
- Re: Reassembled packets from Frag3 and Stream5 Matt Olney (Oct 15)
- Re: Reassembled packets from Frag3 and Stream5 Rayne (Oct 15)
- Re: Reassembled packets from Frag3 and Stream5 Matt Olney (Oct 15)