Clik here to view.
Snort_inline updated to 2.6.1.4 in SVN
After moving, which went fine, I now finally have some real coding time again. The last week I have been updating and fixing various parts of Snort_inline. The most important change was the update to...
View ArticleClik here to view.
Differences between Snort and Snort_inline
Every few weeks the same question comes up: what is the difference between Snort in inline mode and Snort_inline. This makes sense, because the Snort_inline documentation and website fail to explain...
View ArticleClik here to view.
Memory leak fixed in stream4inline
A few days ago William told me that if he enabled stream4inline on a busy gateway, Snort_inline would consume all memory within hours. The problem went away when disabling stream4inline, so it made...
View ArticleClik here to view.
TCP Window scaling in Snort_inline
The TCP window field in the TCP header is only 16 bits, so the maximum window size it can handle is only 64kb. A long time ago this was enough, but nowadays it isn’t, by far. Luckily, this is something...
View ArticleClik here to view.
Snort_inline and out of order packets
In Snort_inline’s stream4 modifications, one of the changes is that out of order TCP packets are treated differently from unmodified stream4. This can cause some new alerts to appear and some...
View ArticleClik here to view.
New Snort_inline TCP window normalization code in SVN
A while ago I wrote about why the TCP window scaling normalization in Snort_inline was broken by design. I also wrote about a new solution I was working on and testing that would be uploaded to SVN...
View Article