[Snort-devel] Réf. : Re: [Snort-devel] snort 1.8.6 core dump when receive lot of ping of the deathT

Chris Green cmg at ...402...
Thu Apr 25 09:07:00 EDT 2002


axel.letourneur at ...1289... writes:

> the computer where is snort is a kernel 2.2.X
>
> but the kernel where is start ping-of-death1 is a redhat 7.2 with kernel 2.4.18
>
> in the program ping of death I use a spoofed ip adresse 194.214.201.66 for the
> source of ip adress
>
> use:
>  tcpdump -nn -s0 -w ping-o-death "host 194.214.201.66 && proto ICMP"

2.4.17 is giving me Oversized IP packet from 10.1.1.52 and not
sending packets from that code.

I'm thinking its more related to the heavy fragmentation and deleting
nodes out from under ourself upon a fragmentation memcap fault and not
necessarily related to the size of the pings like we spent so much
time dealing with in stream4.

I thought I caught those but there may be a case I'm missing but it
woudl explain your wacky pointer
-- 
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx





More information about the Snort-devel mailing list