[Snort-devel] Weird snort output - probably arpspoof output

Fyodor fygrave at ...1...
Thu Jul 12 12:30:49 EDT 2001


On Thu, Jul 12, 2001 at 10:43:47AM -0500, Bill Marquette wrote:
> 
> 
> Alright...looks like I may have found a possible cause for the weird log
> messages.  I'm guessing the code was just never filled in (yeah, I know it's
> experimental, and yes I know that it was proof of concept :)).  Anyways, from
> ARPspoofPreprocFunction(), we init logMessage but never seem to actually fill it
> before it's used.
>     char logMessage[180];
> .
> .
> .
>         switch(ntohs(p->ah->ea_hdr.ar_op))
>         {
>             case ARPOP_REQUEST:
>                 if (check_directed_arp)
>                 {
>                     if (memcmp((u_char *)p->eh->ether_dst, (u_char *)bcast, 6) != 0)
>                     {

Yep, good spot, I am removing (commenting out) logMessage altogether
now :)
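
The directed-ARP check quoted above, as an added example that is not Snort's code and not part of either message: the message buffer is terminated before any early return and filled with a bounded snprintf() before it is used. The names directed_arp_alert and make_arp_request and the sample MAC addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARP_REQUEST 1   /* numeric value of ARPOP_REQUEST */
#define ETH_ARP_LEN 42  /* 14-byte Ethernet header + 28-byte ARP body */
static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Hypothetical helper: returns 1 and writes a message for a unicast ARP
 * request, 0 otherwise. msg is a terminated string on every return path. */
int directed_arp_alert(const uint8_t *f, size_t len, char *msg, size_t msglen)
{
    if (msg == NULL || msglen == 0)
        return 0;
    msg[0] = '\0';                              /* initialize before any use */
    if (f == NULL || len < ETH_ARP_LEN)         /* too short to hold ARP */
        return 0;
    if (f[12] != 0x08 || f[13] != 0x06)         /* EtherType must be ARP */
        return 0;
    if (((f[20] << 8) | f[21]) != ARP_REQUEST)  /* opcode, network byte order */
        return 0;
    if (memcmp(f, bcast, 6) == 0)               /* broadcast request is normal */
        return 0;
    snprintf(msg, msglen,
             "Directed ARP request %02x:%02x:%02x:%02x:%02x:%02x -> "
             "%02x:%02x:%02x:%02x:%02x:%02x",
             f[6], f[7], f[8], f[9], f[10], f[11],
             f[0], f[1], f[2], f[3], f[4], f[5]);
    return 1;
}

/* Constructed sample frame: ARP request from 00:11:22:33:44:55 to dst. */
void make_arp_request(uint8_t *f, const uint8_t *dst)
{
    static const uint8_t src[6] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
    memset(f, 0, ETH_ARP_LEN);
    memcpy(f, dst, 6);                          /* Ethernet destination */
    memcpy(f + 6, src, 6);                      /* Ethernet source */
    f[12] = 0x08; f[13] = 0x06;                 /* EtherType ARP */
    f[15] = 1; f[16] = 0x08; f[18] = 6; f[19] = 4; f[21] = ARP_REQUEST;
    memcpy(f + 22, src, 6);                     /* sender hardware address */
}

int main(void)
{
    uint8_t f[ETH_ARP_LEN], uni[6] = {0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb};
    char msg[180];
    make_arp_request(f, uni);
    if (directed_arp_alert(f, sizeof f, msg, sizeof msg)) puts(msg);
}
```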