[Snort-devel] thousands of false positive alerts: spp_asn1: ASN.1 Attack: Datum length > packet length
cmg at ...402...
Tue Jan 7 06:57:10 EST 2003
Roman Varga <roman at ...1768...> writes:
> Hello ;>
> Snort suddenly reports a huge amount (round 200000) of alerts in just
> 2 seconds. It happend already 2 times during last 2 days only while
> testing on our local network. Which makes our DB server (mysql) a
> little bit out of work. Approaching alerts via ACID interface is also
> nearly impossible.
> reported msg is:
> spp_asn1: ASN.1 Attack: Datum length > packet length
Disable the preprocessor asn1 in your conf file
Chris Green <cmg at ...402...>
A good pun is its own reword.
More information about the Snort-devel