Re: preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission

[Amm Snort <ammdispose-snort () yahoo com>]

Ok. I see there was cvs.snort.org once not anymore.


Is there a way to get patch that went in 2.9.4 fixing this bug?

May be its not sourcefire's policy to release whole 2.9.4 tree before being released but is it possible to get this 
particular patch? It will anyway be open source in a month or so. So may be it should be fine.


Because i think this is a bit serious issue as it causes lot of inconvenience esp. if internet line is showing abt 5% 
packet loss.


Thanks

Amm.




> ________________________________
> From: Joel Esler <jesler () sourcefire com>
> To: Russ Combs <rcombs () sourcefire com> 
> Cc: Amm Snort <ammdispose-snort () yahoo com>; "snort-devel () lists sourceforge net" <snort-devel () lists 
> sourceforge net> 
> Sent: Thursday, 9 August 2012 9:25 PM
> Subject: Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission
>
>
> We don't release the roadmap of Snort ahead of time externally yet.  While there isn't much that will affect 
> installation and usage in 2.9.4, I will have to start talking about 2.9.5 ahead of time, as it's going to change a lot 
> of things.
>
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
>
> On Aug 8, 2012, at 11:10 AM, Russ Combs <rcombs () sourcefire com> wrote:
>
>
> > On Wed, Aug 8, 2012 at 11:04 AM, Amm Snort <ammdispose-snort () yahoo com> wrote:
> >
> > Thanks for quick response.
> > > I do not see 2.9.4 on snort.org. So I assume its not yet released.
> >
> > Correct - not out yet.
> >
> >
> > > Where do I see development version OR atleast its SVN changelog
> > >
> > >
> > > To know what new features/fixes can i expect and more to know existing bugs fixed in 2.9.4
> >
> > Unfortunately, that information is not available online. 
> >
> >
> > > Amm.
> > >
> > >
> > >
> > >
> > > > ________________________________
> > > > From: Russ Combs <rcombs () sourcefire com>
> > > > To: Amm Snort <ammdispose-snort () yahoo com> 
> > > > Cc: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net> 
> > > > Sent: Wednesday, 8 August 2012 8:19 PM
> > > > Subject: Re: [Snort-devel] preprocessor normalize_tcp: ips ecn stream dropping SYN retransmission
> > > >
> > > >
> > > > On Wed, Aug 8, 2012 at 8:18 AM, Amm Snort <ammdispose-snort () yahoo com> wrote:
> > > >
> > > > I believe "normalize_tcp" drops retry-SYNs because they do not match first SYN packet.
> > > > > So is there any work around for this? Or am I missing any configuration directive?
> > > > We have already fixed this for the 2.9.4 release.  The workaround for now is to disable normalize_tcp. 
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!