[Snort-devel] frag2 problems
Nathan W. Labadie
ab0781 at ...839...
Tue Jan 22 12:25:05 EST 2002
Linux-Mandrake 8.1, kernel 2.4.18-pre3, gcc 2.96, latest cvs snort
pulled from SNORT_1_8.
I just updated snort to the latest in SNORT_1_8 and started noticing a
few problems with frag2. In less than 15 minutes, snort logged close to
50,000 alerts running against two /16 networks. All of the alerts are
listed as "spp_frag2: Teardrop attack". Looking through the output in
tcpdump shows that they _are_ fragmented packets (don't know why),
but they are definitely _not_ teardrop attacks. Any ideas?
Nathan W. Labadie | ab0781 at ...839...
Sr. Security Specialist | 313/577.2126
Wayne State University | 313/577.1338 fax
C&IT Information Security Office: http://security.wayne.edu