[Snort-devel] thousands of false positive alerts: spp_asn1: ASN.1 Attack: Datum length > packet length

Chris Green cmg at ...402...
Tue Jan 7 06:57:10 EST 2003


Roman Varga <roman at ...1768...> writes:

> 	Hello ;>
>
> Snort suddenly reports a huge amount (round 200000) of alerts in just
> 2 seconds. It happened already 2 times during last 2 days only while
> testing on our local network. Which makes our DB server (mysql) a
> little bit out of work. Approaching alerts via ACID interface is also
> nearly impossible.
>
> reported msg is:
> spp_asn1: ASN.1 Attack: Datum length > packet length

Disable the preprocessor asn1 in your conf file
-- 
Chris Green <cmg at ...402...>
A good pun is its own reword.



