Snort mailing list archives
Re: [snort-devel] sfportscan and SYN scan with data
From: Virgil Hemery <virgil.hemery () gmail com>
Date: Tue, 26 Apr 2011 19:39:41 +0200
I submit the following patch. It seems to work quite well but probably in a wrong way. It updates the session flags of ACK packets that belong to a low session but for which no TCP session has been created. Looking forward to your reply. --- snort_stream5_tcp.c.old 2011-04-26 19:31:12.000000000 +0200 +++ snort_stream5_tcp.c 2011-04-26 19:25:34.000000000 +0200 @@ -7496,6 +7496,11 @@ * we missed). */ /* Do nothing. */ + + GetLWPacketDirection(p,lwssn); + if(p->packet_flags & PKT_FROM_SERVER) + lwssn->session_flags |= SSNFLAG_SEEN_SERVER; + PREPROC_PROFILE_END(s5TcpStatePerfStats); return ACTION_NOTHING | retcode; }
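Review bot: the added lines sit directly under the existing `/* Do nothing. */` comment in the hunk at -7496, so after this change the comment contradicts the code. Either update that comment or add one above the new lines explaining why a packet that reaches this path still needs to update the lightweight session. The call `GetLWPacketDirection(p,lwssn);` is used only for its side effect on `p->packet_flags`, which deserves a one-line comment since the return value is discarded. Only the `PKT_FROM_SERVER` case is recorded. If the client direction is deliberately left alone (no matching `SSNFLAG_SEEN_CLIENT` update), say so in the comment; otherwise handle both directions. Because this path is reached for an ACK that has no TCP session behind it, the description should also state what prevents an unsolicited ACK from marking the session as `SSNFLAG_SEEN_SERVER`, and how sfportscan's counting changes as a result.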
Current thread:
- [snort-devel] sfportscan and SYN scan with data Virgil Hemery (Apr 24)
- Re: [snort-devel] sfportscan and SYN scan with data Russ Combs (Apr 25)
- Message not available
- Re: [snort-devel] sfportscan and SYN scan with data Virgil Hemery (Apr 29)
- Message not available
- Re: [snort-devel] sfportscan and SYN scan with data Russ Combs (Apr 25)
- Re: [snort-devel] sfportscan and SYN scan with data Virgil Hemery (Apr 26)