[Snort-devel] snort v2 pb

rmkml rmkml at ...1042...
Fri May 9 07:10:08 EDT 2003


Is there a fix for that pb ?

and fix for icmp large packet ?

and fix for multiple acked packets ?

and fix for tcp flags ECE/CWR ?

Regard.




Chris Green wrote:

> rmkml <rmkml at ...1042...> writes:
>
> FFFF> Hi,
> >
> > I receive this packets this morning : (join tcpdump file)
> >
> > 05/09-00:26:19.029449  [**] [116:46:1] (snort_decoder) WARNING: TCP
> > Header length exceeds packet length! [**] {TCP} 192.168.1.2:0 ->
> > 81.51.107.118:0
> >
> > look tcpdump :
> > 00:26:19.029449 192.168.1.2.4662 > 81.51.107.118.3916: R [bad hdr
> > length] (ttl 247, id 0, len 40)
> >
> > Why snort200b72 bad decode tcp port ?
> >
>
> Because it quits assigning to the data structure before it alerts
> since the error is encountered during processing.
> --
> Chris Green <cmg at ...402...>
> Don't use a big word where a diminutive one will suffice.





More information about the Snort-devel mailing list