[Snort-devel] [ snort-Bugs-601422 ] Flexresp sends incorrect source port

noreply at ...12... noreply at ...12...
Thu Aug 29 17:29:02 EDT 2002


Bugs item #601422, was opened at 2002-08-28 17:06
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=601422&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Scot (lttinhi)
Assigned to: Nobody/Anonymous (nobody)
Summary: Flexresp sends incorrect source port

Initial Comment:
OS - Mandrake Linux 8.1
Snort - 1.8.7
Options - MySQL+FlexResp
Rule - (resp: rst_all; flags: !F; content: "www.google.com"; msg: "Blocked!";)

When reset is activated using resp:, an extra '1' is
appended to the source port.  I have attached a brief
Ethereal file showing what happens.  The correct source
port is 4365.  However, the reset snort sends is
14365.  No reset coming back to my machine is evident.
