Menu
▾
▴
Re: AW: [Snort-inline-users] stateless vs. stateful
|
From: Victor J. <vi...@nk...> - 2004-11-22 09:54:11
|
On Monday 22 November 2004 10:01, you wrote: > hi victor, > > is it correct that stateful checks the connection sequence > SYN->SYN/ACK->ACK->ACK........... If i recall correctly, yes. > if i have a HA enviroment it is possible that only came an ACK without > a SYN befor because of asymmetric routing the packet is dropped or > i have an state sync? It would be dropped. > if i use stateless the connection sequence is not checked. > what do i loose if i disable stream4? You could miss (a lot) of attacks. If an attack fits in one packet you will be fine, however if it doesn't you will probably miss it. Stream4 also protects you against snot/stick attacks. Regards, Victor |
