Snort mailing list archives

Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission

From: Russ Combs <rcombs () sourcefire com>
Date: Wed, 8 Aug 2012 11:10:04 -0400

On Wed, Aug 8, 2012 at 11:04 AM, Amm Snort <ammdispose-snort () yahoo com>wrote:

Thanks for quick response.

I do not see 2.9.4 on snort.org. So I assume its not yet released.


Correct - not out yet.


Where do I see development version OR atleast its SVN changelog

To know what new features/fixes can i expect and more to know existing
bugs fixed in 2.9.4


Unfortunately, that information is not available online.


Amm.

  ------------------------------
*From:* Russ Combs <rcombs () sourcefire com>
*To:* Amm Snort <ammdispose-snort () yahoo com>
*Cc:* "snort-devel () lists sourceforge net" <
snort-devel () lists sourceforge net>
*Sent:* Wednesday, 8 August 2012 8:19 PM
*Subject:* Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream
dropping SYN retransmission

On Wed, Aug 8, 2012 at 8:18 AM, Amm Snort <ammdispose-snort () yahoo com>wrote:

I believe "normalize_tcp" drops retry-SYNs because they do not match first
SYN packet.

So is there any work around for this? Or am I missing any configuration
directive?

We have already fixed this for the 2.9.4 release.  The workaround for now
is to disable normalize_tcp.



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
- Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
  - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 08)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 08)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Joel Esler (Aug 09)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 09)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Amm Snort (Aug 10)
    - Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission Russ Combs (Aug 10)