Snort mailing list archives
Re: [Snort-users] 2.9.0.1 performance issue
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 18 Nov 2010 12:07:57 -0500
On Thu, Nov 18, 2010 at 11:26 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>wrote:
Hello. To be clear, there is no fix for the "http_inspect\stream reassembly" bug at the moment (if there is a fix in SVN, let me know so I can take action here b/c this is seriously a non-trivial bug for me). Apparently it is an issue with Stream5 having premature buffer flushing issues. Government/Critical Infrastructure companies take note: this bug leads to easy IDS/IPS evasion and this issue, "predates Snort 2.9.0" according to Sourcefire.
The reassembly fix is in the next release which is going through QA now and will be released "soon". Sorry I can't give you an exact date. Also note that actual evasion depends on the timing of acknowledgements from target to attacking host and so it isn't always "easy".
-L0rd C. On Thu, Nov 18, 2010 at 10:09 AM, matan monitz <mmonitz () gmail com> wrote:sounds related to the http_inspect\stream reassembly bugfix------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- 2.9.0.1 performance issue Frank Eberle (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue Matt Olney (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue L0rd Ch0de1m0rt (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue Eoin Miller (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue Russ Combs (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue matan monitz (Nov 18)
- Re: [Snort-users] 2.9.0.1 performance issue Matt Olney (Nov 18)