Snort mailing list archives

Re: Queries regarding FRAG3 & STREAM5


From: Anshuman Anil Deshmukh <anshuman () cybage com>
Date: Thu, 7 Nov 2013 08:23:11 +0000

Hi,

Could you please elaborate on the internal bug for tracking this issue? So do you mean to say that I need to put these
on your bug tracking system? Or did you mean something else?

Though I got an answer to my question number 3, I have yet to get answers for questions number 1 & 2.


Thanks and Regards,
Anshuman


-----Original Message-----
From: Hui Cao [mailto:hcao () sourcefire com]
Sent: Monday, October 28, 2013 9:26 PM
To: Anshuman Anil Deshmukh
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Queries regarding FRAG3 & STREAM5

Hi Anshuman,

Thanks for the questions. We have an internal bug to track this issue.

You can bind to more than two policies.

preprocessor stream5_tcp: bind_to 192.168.1.0/24, policy windows
preprocessor stream5_tcp: bind_to 10.1.1.0/24, policy linux
preprocessor stream5_tcp: bind_to 172.1.1.0/24, policy linux

Best,
Hui.

On Mon, Oct 28, 2013 at 7:12 AM, Anshuman Anil Deshmukh <anshuman () cybage com> wrote:
Hi,



I have some questions regarding the FRAG3 & STREAM5 preprocessors. I did
try to get answers in the previous posts but couldn't find them there,
and hence I am putting them here.

1.  For the said processors it's about defining policy for Windows. As
per the Snort manual, for FRAG3 the Windows versions supported are
95/98/NT4/W2K/XP and for STREAM5 support is up to Vista.
I just need to understand if both these preprocessors support all the
other Windows versions that are currently available, i.e. Windows
Server 2003/2008/2012, Windows Vista, Windows 7 & Windows 8 (some
already covered in stream5, but still not all of them).

2.  Do the said preprocessors support all the 64-bit Windows versions
and Server Core installations? If the answer to all of these is yes, then
why not include this in the Snort manual? If the answer is no, then how
soon would they be included?

3.  What if the ratio of Windows:Linux machines is around 50:50? Then,
for configuring the target-based IDS, how should these preprocessors be configured?
And that too in a DHCP environment. If I am not wrong, for a DHCP
environment it can be achieved by having IP reservations on the DHCP
server for one of them, as one can plan to have bind_to for networking
devices as well. As per the Snort design we can only have 2
definitions for bind_to.



Thanks and Regards,

Anshuman


"Legal Disclaimer: This electronic message and all contents contain
information from Cybage Software Private Limited which may be
privileged, confidential, or otherwise protected from disclosure. The
information is intended to be for the addressee(s) only. If you are
not an addressee, any disclosure, copy, distribution, or use of the
contents of this message is strictly prohibited. If you have received
this electronic message in error please notify the sender by reply
e-mail to and destroy the original message and all copies. Cybage has
taken every reasonable precaution to minimize the risk of malicious
content in the mail, but is not liable for any damage you may sustain
as a result of any malicious content in this e-mail. You should carry
out your own malicious content checks before opening the e-mail or
attachment." www.cybage.com


Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
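
The per-subnet bindings from the reply in this thread can be checked against a host inventory before deployment. The following is an added example, not part of the original messages or of Snort itself: it parses the three `stream5_tcp` lines quoted above, reports which policy each host address falls under, and flags overlapping `bind_to` networks. The host addresses are constructed samples, and the function names are hypothetical. "unbound" means no `bind_to` in this fragment covers the address, which is the case to watch in a DHCP pool without reservations.

```python
import ipaddress
import re

# The three bindings from the reply above (config lines copied from the thread).
CONF = """\
preprocessor stream5_tcp: bind_to 192.168.1.0/24, policy windows
preprocessor stream5_tcp: bind_to 10.1.1.0/24, policy linux
preprocessor stream5_tcp: bind_to 172.1.1.0/24, policy linux
"""

LINE = re.compile(r"^\s*preprocessor\s+stream5_tcp\s*:\s*(.*)$")

def parse_bindings(conf):
    """Return [(network or None, policy or None)] for each stream5_tcp line."""
    out = []
    for raw in conf.splitlines():
        m = LINE.match(raw.split("#", 1)[0])  # ignore trailing comments
        if not m:
            continue
        net, policy = None, None
        for opt in m.group(1).split(","):
            words = opt.split()
            if len(words) == 2 and words[0] == "bind_to":
                net = ipaddress.ip_network(words[1], strict=False)
            elif len(words) == 2 and words[0] == "policy":
                policy = words[1]
        out.append((net, policy))
    return out

def overlaps(bindings):
    """Pairs of bind_to networks that overlap, so a host could match both."""
    nets = [n for n, _ in bindings if n is not None]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]

def coverage(bindings, hosts):
    """Map each host to its bound policy, 'ambiguous', or 'unbound'."""
    result = {}
    for h in hosts:
        ip = ipaddress.ip_address(h)
        hits = [p for n, p in bindings if n is not None and ip in n]
        result[h] = hits[0] if len(hits) == 1 else ("ambiguous" if hits else "unbound")
    return result

if __name__ == "__main__":
    # Constructed sample inventory: one host per subnet plus one outside all of them.
    sample = ["192.168.1.20", "10.1.1.5", "172.1.1.9", "192.168.2.7"]
    print(coverage(parse_bindings(CONF), sample), overlaps(parse_bindings(CONF)))
```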

