[Snort-devel] Ref.: Re: [Snort-devel] snort 1.8.6 core dump when receive lot of ping of the death

axel.letourneur at ...1289... axel.letourneur at ...1289...
Thu Apr 25 08:44:28 EDT 2002




The computer where snort is running has a 2.2.X kernel,

but the one where ping-of-death1 is started is a Red Hat 7.2 with kernel 2.4.18.

In the ping-of-death program I use a spoofed IP address, 194.214.201.66, as the
source IP address.

use:
 tcpdump -nn -s0 -w ping-o-death "host 194.214.201.66 && proto ICMP"








Chris Green <cmg at ...402...> on 25/04/2002 16:34:34

Please reply to snort-devel at lists.sourceforge.net

To:       Axel LETOURNEUR/TLT/CHRONOPOST at ...1336...
cc:
Subject:  Re: [Snort-devel] snort 1.8.6 core dump when receive lot of ping of
      the death


-------------- next part --------------

axel.letourneur at ...1289... writes:
>
> I use a program named ping-of-death1.c on another host on another network with
> this shell command
> while [ 1 -eq 1 ]; do ./ping-of-death1 X.X.X.X ; usleep 1; done
> where X.X.X.X is the IP address of the snort detector (I did not try with the broadcast
> address of the snort detector ...)
> After less than 1 minute snort core dumps. The two machines have a good network
> between them.

Can you send me a tcpdump of this?  I don't have a Linux 2.2 machine
around here and Linux 2.4 is too smart and prevents the packet from
going on the wire and OpenBSD is doing the same.

tcpdump host ip_src -w ping-o-death.cap -s 1500

Thanks,
Chris
--
Chris Green <cmg at ...402...>
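
An added example (not from the original thread and not Snort code): a Python check that scans a capture like the one requested above for IPv4 fragments whose offset plus data length runs past the 65535-byte datagram limit, the condition that defines a ping of death. The pcap bytes, the 198.51.100.7 / 192.0.2.1 addresses and all function names are constructed for illustration.

```python
import struct

IP_MAX = 65535  # largest legal reassembled IPv4 datagram (16-bit total length)

def oversize_fragments(pcap: bytes):
    """Return (src_ip, end_offset) for every IPv4 fragment in a classic
    little-endian Ethernet pcap whose data would end past IP_MAX."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    hits, pos = [], 24
    while pos + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, pos)
        frame = pcap[pos + 16 : pos + 16 + caplen]
        pos += 16 + caplen
        # Need Ethernet (14) + minimal IPv4 header (20); skip non-IPv4 frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ihl < 20:
            continue  # malformed header length
        total_len, _, frag = struct.unpack_from("!HHH", ip, 2)
        # Only header fields are used, so a snaplen that cut the payload is fine.
        end = (frag & 0x1FFF) * 8 + (total_len - ihl)
        if end > IP_MAX:
            hits.append((".".join(map(str, ip[12:16])), end))
    return hits

def _frame(src, frag_units, payload_len, more):
    """Constructed Ethernet + IPv4 (ICMP) fragment header, payload omitted."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                     (0x2000 if more else 0) | frag_units, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return b"\x00" * 12 + b"\x08\x00" + ip

def sample_pcap():
    """Constructed two-record capture: one normal and one oversize fragment."""
    frames = [_frame("198.51.100.7", 0, 1480, True),      # ends at 1480
              _frame("198.51.100.7", 8189, 1480, False)]  # 8189*8 + 1480 = 66992
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f) + 1480) + f
    return out

if __name__ == "__main__":
    print(oversize_fragments(sample_pcap()))
```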




