26th Sep 2002 [SBWID-5264]
COMMAND
snort bypass using fragroute
SYSTEMS AFFECTED
Snort, all versions up to and including the CVS tree current at the time of the report (see SOLUTION for the fixed release)
PROBLEM
0xcafebabe forwarded a post by Dug Song to the focus-ids list announcing
fragroute, a tool that completely blindsides Snort:
http://www.monkey.org/~dugsong/fragroute/index.html
The README.snort file shipped with fragroute contains several fragroute
rule scripts that evade even the current Snort version in CVS (tested on
RedHat 7.2). For example, the latest wu-ftpd exploits, when run through the
one-line ruleset "tcp_seg 1 new" (cut the TCP stream into one-byte segments
and add overlapping chaff so that a receiving stack favouring the newer
data still reassembles the real payload), trigger no Snort alerts at all.
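The following is an added example written for this advisory; it is not
fragroute's code, nor Snort's, and it does not reproduce fragroute's exact
chaff ordering. It models the effect of a "tcp_seg 1 new"-style transform on
two kinds of detector: one that pattern-matches each packet in isolation, and
one that reassembles the stream first with an explicit overlap policy. The
payload and the signature string "SITE EXEC" are constructed for illustration.

```python
import random
from dataclasses import dataclass
from typing import List

# Constructed sample payload; stands in for the FTP command an exploit would
# send. "SITE EXEC" is used here as the signature string (assumption).
PAYLOAD = b"SITE EXEC %p%p%p%p\r\n"
SIGNATURE = b"SITE EXEC"


@dataclass
class Segment:
    seq: int      # relative TCP sequence number of the first data byte
    data: bytes


def tcp_seg(payload: bytes, size: int = 1, chaff: bool = True,
            seed: int = 0) -> List[Segment]:
    """Simplified model of a fragroute-style 'tcp_seg <size> new' transform.
    Assumption: fragroute's exact chaff ordering is not reproduced here.

    The payload is cut into `size`-byte segments. If `chaff` is set, each real
    segment is preceded by a bogus segment covering the same sequence range
    with different bytes, so a receiver that favours *newer* overlapping data
    reconstructs the real payload while one favouring *older* data does not.
    """
    rnd = random.Random(seed)
    segments = []
    for seq in range(0, len(payload), size):
        chunk = payload[seq:seq + size]
        if chaff:
            # Every chaff byte differs from the real byte at that position.
            bogus = bytes(rnd.choice([c for c in range(256) if c != b])
                          for b in chunk)
            segments.append(Segment(seq, bogus))
        segments.append(Segment(seq, chunk))
    return segments


def match_per_packet(segments: List[Segment], sig: bytes) -> bool:
    """Detector with no stream reassembly: inspects each segment alone."""
    return any(sig in s.data for s in segments)


def reassemble(segments: List[Segment], policy: str = "new") -> bytes:
    """Stream reassembly with an explicit overlap policy.

    policy="new": a later segment overwrites bytes already received
                  (the behaviour 'tcp_seg ... new' is aimed at).
    policy="old": bytes already received are kept; later overlaps are dropped.
    Segments are processed in arrival order; holes stay zero-filled.
    """
    if policy not in ("new", "old"):
        raise ValueError("policy must be 'new' or 'old'")
    end = max((s.seq + len(s.data) for s in segments), default=0)
    buf = bytearray(end)
    seen = bytearray(end)          # 1 where a byte has already been written
    for s in segments:
        for i, b in enumerate(s.data):
            pos = s.seq + i
            if policy == "new" or not seen[pos]:
                buf[pos] = b
                seen[pos] = 1
    return bytes(buf)


def match_stream(segments: List[Segment], sig: bytes,
                 policy: str = "new") -> bool:
    """Detector that reassembles the stream before matching."""
    return sig in reassemble(segments, policy)


if __name__ == "__main__":
    segs = tcp_seg(PAYLOAD, size=1, chaff=True)
    print("segments on the wire:", len(segs))
    print("per-packet match:    ", match_per_packet(segs, SIGNATURE))
    print("stream match (new):  ", match_stream(segs, SIGNATURE, "new"))
    print("stream match (old):  ", match_stream(segs, SIGNATURE, "old"))
```

The per-packet detector never sees more than one byte of the signature and
cannot alert. Reassembly alone is not enough either: the IDS must resolve
overlapping data the same way the target host does, which is why the chaff
policy ("new" versus "old") matters and why an evasion like this has to be
answered in the stream reassembly layer rather than in the signatures.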
SOLUTION
Update (25 April 2002)
======
Snort 1.8.7beta1 is available at:
http://www.snort.org/dl/beta/snort-1.8.7beta1.tar.gz
This release should address the evasions that fragroute induces.