Snort 2.4.3 has a bug in processing fragmented IP packets that have IP options. The frag3 preprocessor of Snort skips [ip_option_length] bytes from the end of the IP options when reassembling a packet, thus allowing anyone to evade the IDS.
The guys at snort.org have already been informed and are fixing the problem.
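A defender-side check for the traffic shape this report concerns, IPv4 fragments whose header carries options (IHL greater than 5), with the payload start taken from the header length field. This is an added example, not Snort code and not part of the original post; the names frag_info, inspect_ipv4, fragment_has_options and the sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result struct for this example. */
struct frag_info {
    int is_fragment;      /* MF flag set or fragment offset != 0 */
    size_t options_len;   /* bytes of IP options: header length - 20 */
    size_t payload_off;   /* where fragment data starts: IHL * 4 */
    size_t payload_len;   /* total length - header length */
    size_t frag_byte_off; /* position of this data in the full datagram */
};

/* Parse one IPv4 header. Returns 0 on success, -1 if it is malformed. */
int inspect_ipv4(const uint8_t *pkt, size_t len, struct frag_info *out)
{
    if (pkt == NULL || out == NULL || len < 20)
        return -1;
    if ((pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (hlen < 20 || hlen > len || total < hlen || total > len)
        return -1;
    uint16_t ff = (uint16_t)((pkt[6] << 8) | pkt[7]);
    out->is_fragment = (ff & 0x2000) != 0 || (ff & 0x1fff) != 0;
    out->options_len = hlen - 20;
    out->payload_off = hlen;
    out->payload_len = total - hlen;
    out->frag_byte_off = (size_t)(ff & 0x1fff) * 8;
    return 0;
}

/* 1 if the packet is a fragment carrying IP options (the case described
 * in the report), 0 otherwise, including malformed input. */
int fragment_has_options(const uint8_t *pkt, size_t len)
{
    struct frag_info fi;
    if (inspect_ipv4(pkt, len, &fi) != 0)
        return 0;
    return fi.is_fragment && fi.options_len > 0;
}

/* Constructed sample: IHL=6 (4 NOP option bytes), MF set, 8 data bytes. */
const uint8_t SAMPLE_FRAG_OPTS[32] = {
    0x46,0x00,0x00,0x20, 0x12,0x34,0x20,0x00, 0x40,0x11,0x00,0x00,
    192,0,2,1, 192,0,2,2, 0x01,0x01,0x01,0x01,
    'A','B','C','D','E','F','G','H'
};
```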