Snort mailing list archives

Re: Questions about Frag3 and Stream5

From: Nigel Houghton <nigel () sourcefire com>
Date: Wed, 16 Jul 2008 08:50:01 -0400

On 7/15/08 10:24 PM, "tung tran" <tunghack () gmail com> wrote:

Hi,
What about fragmented packets that never defragmented and
"out-of-order" sequence number packets? The reason I raised this
question is there are some attacks not detected because sometimes
packets are not passed down to the dectection engine.


Examples are required, evidence in the form of pcap data and what you expect
to happen would also be useful. Snort-devel is a better forum for your
questions also.

--
Nigel Houghton
Resident Hooligan
SF VRT


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Questions about Frag3 and Stream5 tung tran (Jul 11)
- Re: Questions about Frag3 and Stream5 tung tran (Jul 15)
  - Re: Questions about Frag3 and Stream5 Joel Esler (Jul 15)
    - Re: Questions about Frag3 and Stream5 tung tran (Jul 15)
    - Re: Questions about Frag3 and Stream5 Nigel Houghton (Jul 16)
  - Re: Questions about Frag3 and Stream5 Jason Brvenik (Jul 16)
- <Possible follow-ups>
- Re: Questions about Frag3 and Stream5 Andy Pace (Jul 15)