[Snort-devel] Is it possible you have a developer who is not on the right side?

Martin Roesch roesch at ...402...
Sun Nov 18 22:30:02 EST 2001

What leads you to believe that it's the snort process generating this
traffic?  Are you using flexible response?  What version of Snort are
you using?  What command line are you using?  What changes have you made
to the snort.conf?  What OS is Snort running on?  How are you sure that
the Snort process is the one that's actually generating the packets? 
Where did you download this copy of Snort?

Snort has been available on the Windows platform for over a year and a half
and this is the first time anyone has reported anything like this.  In
fact, unless you downloaded it from someplace other than snort.org, I'd
hazard to say you've got a problem with some other piece of software on
your system...


> Ted Hulick wrote:
> I downloaded your package yesterday...I've been in the industry 22
> years and I know what I'm doing...
> I didn't alter the configuration, but since it's been downloaded -
> I've had to kill my network link 3 times...
> I have a high speed cable line...one of my NT machines has launched
> numerous attacks across the
> internet..and not even machines I contacted...i.e., incremental IP
> address and Port...
> .how do I know, I have several tools...including a sniffer...
> I think you should take a look at the Windows version of the
> download...I've seen enough evidence myself
> to suggest it is seriously tainted by someone...it may not be as easy
> as testing it, as they have maybe
> programmed to make sure it's not a "home address"....it's no joke.
> Like I said, I'm no rookie...I do analyze networks for a living....I'm
> deleting this code, and the install...
> and I won't recommend this package to anyone until you can explain
> what happened.
> Feel free to call me...
>    832-687-5200
>    Ted Hulick
> ps- Unless your code is seriously buggy, you have a/some tainted
> developers playing games.....

Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...402... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org
