Menu
▾
▴
Re: [Snort-inline-users] Streams and Inline
|
From: Will M. <wil...@gm...> - 2007-08-27 21:41:54
|
I think he was talking about tcp stream reassembly, not frags... Regards, Will On 8/27/07, Dave Remien <dr...@ni...> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Will Metcalf wrote: > > every tcp segment.... In addition we also scan the unreassembled > > packet before passing the verdict back to iptables. That is only for > > stream4inline of course ;-)... > > At least under Linux, netfilter (up to at least the 2.6.18 kernel) > reassembles the packets for us, so we don't see frags. > > Cheers, > > Dave > > > > > Regards, > > > > Will > > > > On 8/27/07, Adayadil Thomas <ada...@gm...> wrote: > >> Greetings. > >> > >> In the inline mode, does snort_inline do reassembly operation (for TCP > >> packets) for every tcp segment OR does the reassembly happen only when > >> a threshold (bytes) is reached? > >> > >> Thanks > >> > >> ------------------------------------------------------------------------- > >> This SF.net email is sponsored by: Splunk Inc. > >> Still grepping through log files to find problems? Stop. > >> Now Search log events and configuration files using AJAX and a browser. > >> Download your FREE copy of Splunk now >> http://get.splunk.com/ > >> _______________________________________________ > >> Snort-inline-users mailing list > >> Sno...@li... > >> https://lists.sourceforge.net/lists/listinfo/snort-inline-users > >> > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find problems? Stop. > > Now Search log events and configuration files using AJAX and a browser. > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > _______________________________________________ > > Snort-inline-users mailing list > > Sno...@li... > > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFG00L8Hqzq3E2ozBMRApegAKCuk+4ilBkXozwUFe7QeJHFyo3BoQCgtbuX > NMTy2uBBPI216yPcjWt5E7s= > =IVyV > -----END PGP SIGNATURE----- > > This e-mail message and any attachments contain information that is confidential and may be privileged. If the reader of this e-mail is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to this message or by sending an email to pos...@ni..., and destroy all copies of this message and any attachments without reading or disclosing them. Thank you. > > > |
