[Snort-devel] [ snort-Bugs-505448 ] IDMEF XML not well formed large packets

noreply at ...12... noreply at ...12...
Sat Jan 19 17:42:02 EST 2002


Bugs item #505448, was opened at 2002-01-18 09:13
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=505448&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: IDMEF XML not well formed large packets

Initial Comment:
I'm running 1.8.3 on Linux and OpenBSD, and I've
noticed that if I see a "Large ICMP packet", in this
case 7591 bytes, the <data> tag fails to close, along
with all other open tags except <event>. 

So, what I see is the end of the packet data, in hex,
followed by the </event>

So far, this is perfectly reproducable by just doing
and "nmap -sT addr" against the test Snort.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=505448&group_id=3357




More information about the Snort-devel mailing list