[Snort-devel] Réf. : Re: [Snort-devel] snort 1.8.6 core dump when receive lot of ping of the deathT

Chris Green cmg at ...402...
Thu Apr 25 09:07:00 EDT 2002

axel.letourneur at ...1289... writes:

> the computer where is snort is a kernel 2.2.X
> but the kernel where is start ping-of-death1 is a redhat 7.2 with kernel 2.4.18
> in the program ping of death I use a spoofed ip adresse for the
> source of ip adress
> use:
>  tcpdump -nn -s0 -w ping-o-death "host && proto ICMP"

2.4.17 is giving me Oversized IP packet from and not
sending packets from that code.

I'm thinking its more related to the heavy fragmentation and deleting
nodes out from under ourself upon a fragmentation memcap fault and not
necessarily related to the size of the pings like we spent so much
time dealing with in stream4.

I thought I caught those but there may be a case I'm missing but it
woudl explain your wacky pointer
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx

More information about the Snort-devel mailing list