Snort mailing list archives

Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission

From: Joel Esler <jesler () sourcefire com>
Date: Thu, 9 Aug 2012 11:55:16 -0400

We don't release the roadmap of Snort ahead of time externally yet.  While there isn't much that will affect 
installation and usage in 2.9.4, I will have to start talking about 2.9.5 ahead of time, as it's going to change a lot 
of things.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Aug 8, 2012, at 11:10 AM, Russ Combs <rcombs () sourcefire com> wrote:



On Wed, Aug 8, 2012 at 11:04 AM, Amm Snort <ammdispose-snort () yahoo com> wrote:
Thanks for quick response.

I do not see 2.9.4 on snort.org. So I assume its not yet released.

Correct - not out yet.

Where do I see development version OR atleast its SVN changelog

To know what new features/fixes can i expect and more to know existing bugs fixed in 2.9.4

Unfortunately, that information is not available online. 

Amm.

From: Russ Combs <rcombs () sourcefire com>
To: Amm Snort <ammdispose-snort () yahoo com> 
Cc: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net> 
Sent: Wednesday, 8 August 2012 8:19 PM
Subject: Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission

On Wed, Aug 8, 2012 at 8:18 AM, Amm Snort <ammdispose-snort () yahoo com> wrote:
I believe "normalize_tcp" drops retry-SYNs because they do not match first SYN packet.

So is there any work around for this? Or am I missing any configuration directive?

We have already fixed this for the 2.9.4 release.  The workaround for now is to disable normalize_tcp.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
  - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Joel Esler (Aug 09)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 09)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 10)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 10)