[Snort-devel] Problems with snort_decoder (2.01beta Build 77)

Jeff Nathan jeff at ...835...
Mon May 12 14:47:05 EDT 2003

Whiskey tango foxtrot!!@&#*!@$

Chris was pulling our collective chain.  That IS kind=24 ('ye old hex to 
decimal).  And IANA even claims [1] it exists, but it doesn't have a 
length, so much like the original TCP options, it can be problematic to 
parse sanely.  Either way, 240 is a pretty long option value. :)

[1] http://www.iana.org/assignments/tcp-parameters

It is definitely a bad packet.

Now that we've beat THAT topic into the ground.... (grin)


--On Monday, May 12, 2003 8:45 -0400 Chris Green <cmg at ...402...> wrote:

> Jeff Nathan <jeff at ...835...> writes:
>> 0x18 (kind=24 ????)
> Actually thats kind=18, len=0xf0 so that's snort complaining that the
> option length of 240 is incorrect.
> It's not a problem with snort, it's a problem with the tcpoptions
> --
> Chris Green <cmg at ...402...>
> Don't use a big word where a diminutive one will suffice.

http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
- Albert Einstein

More information about the Snort-devel mailing list