[Snort-devel] Ref.: Re: [Snort-devel] snort 1.8.6 core dump when receive lot of ping of the death
cmg at ...402...
Thu Apr 25 09:07:00 EDT 2002
axel.letourneur at ...1289... writes:
> the computer where is snort is a kernel 2.2.X
> but the kernel where is start ping-of-death1 is a redhat 7.2 with kernel 2.4.18
> in the program ping of death I use a spoofed ip address 184.108.40.206 for the
> source of ip address
> tcpdump -nn -s0 -w ping-o-death "host 220.127.116.11 && proto ICMP"
2.4.17 is giving me Oversized IP packet from 10.1.1.52 and not
sending packets from that code.
I'm thinking it's more related to the heavy fragmentation and deleting
nodes out from under ourselves upon a fragmentation memcap fault, and not
necessarily related to the size of the pings like we spent so much
time dealing with in stream4.
I thought I caught those, but there may be a case I'm missing, but it
would explain your wacky pointer.
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx