From: Mike S. <mik...@ch...> - 2007-07-26 11:58:25
Hi, I keep getting this alert with snort v2.6
"(spp_stream4) TCP out-of-order packets limit reached for stream"
And it is essentially dropping payloads with non-ASCII characters. How can
I disable this?
many thanks
Mike :)

From: Will M. <wil...@gm...> - 2007-07-26 12:28:11
In your snort_inline.conf under your stream4 configuration set the following
option.
disable_ooo_pkts_drop
Regards,
Will
On 7/26/07, Mike Smith <mik...@ch...> wrote:
>
> Hi, I keep getting this alert with snort v2.6
>
> "(spp_stream4) TCP out-of-order packets limit reached for stream"
>
> And it is essentially dropping payloads with non-ASCII characters. How can
> I disable this?
>
> many thanks
> Mike :)
>

From: Victor J. <li...@in...> - 2007-07-30 21:27:26
Mike Smith wrote:
> Hi, I keep getting this alert with snort v2.6
>
> "(spp_stream4) TCP out-of-order packets limit reached for stream"
>
> And it is essentially dropping payloads with non-ASCII characters. How can
> I disable this?
>
>
Hi Mike, sorry for not responding earlier. The alerts are not related
to the payload of the TCP packets. I've just written a blog post about
how the handling of out-of-order packets in Snort_inline works:
http://www.inliniac.net/blog/2007/07/30/snort_inline-and-out-of-order-packets.html
Cheers,
Victor