Snort mailing list archives

Re: [Snort-users] 2.9.0.1 performance issue
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 18 Nov 2010 12:07:57 -0500

On Thu, Nov 18, 2010 at 11:26 AM, L0rd Ch0de1m0rt
<l0rdch0de1m0rt () gmail com> wrote:

> Hello.  To be clear, there is no fix for the "http_inspect\stream
> reassembly" bug at the moment (if there is a fix in SVN, let me know
> so I can take action here b/c this is seriously a non-trivial bug for
> me).  Apparently it is an issue with Stream5 having premature buffer
> flushing issues.
>
> Government/Critical Infrastructure companies take note: this bug leads
> to easy IDS/IPS evasion and this issue, "predates Snort 2.9.0"
> according to Sourcefire.


The reassembly fix is in the next release which is going through QA now and
will be released "soon".  Sorry I can't give you an exact date.

Also note that actual evasion depends on the timing of acknowledgements from
target to attacking host and so it isn't always "easy".




> -L0rd C.
>
> On Thu, Nov 18, 2010 at 10:09 AM, matan monitz <mmonitz () gmail com> wrote:
>> sounds related to the http_inspect\stream reassembly bugfix



_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel