On Thu, 2003-03-13 at 10:16, Jefferson Ogata wrote:
> James A. Robbins wrote:
> >>Have you looked at snort?
> >
> > It's on my todo list. I thought it was only an IDS. Does it also
> > reassemble fragments?
>
> snort does fragment and stream reassembly as part of its IDS function.
>
> Just be very careful to get the latest version, because the reassembly stuff
> has been worked on, and especially because earlier versions have the recently
> announced RPC decoder vulnerability that can give you a bad case of remote
> root compromise. In fact, I don't even know if a patched version is available
> yet.

Yes, a patched version is available: 1.9.1 (see www.snort.org).

Craig.
