[Snort-devel] Problems with snort_decoder (2.01beta Build 77)
jeff at ...835...
Mon May 12 14:47:05 EDT 2003
Whiskey tango foxtrot!!@&#*!@$
Chris was pulling our collective chain. That IS kind=24 ('ye old hex to
decimal). And IANA even claims  it exists, but it doesn't have a
length, so much like the original TCP options, it can be problematic to
parse sanely. Either way, 240 is a pretty long option value. :)
It is definitely a bad packet.
Now that we've beat THAT topic into the ground.... (grin)
--On Monday, May 12, 2003 8:45 -0400 Chris Green <cmg at ...402...> wrote:
> Jeff Nathan <jeff at ...835...> writes:
>> 0x18 (kind=24 ????)
> Actually thats kind=18, len=0xf0 so that's snort complaining that the
> option length of 240 is incorrect.
> It's not a problem with snort, it's a problem with the tcpoptions
> Chris Green <cmg at ...402...>
> Don't use a big word where a diminutive one will suffice.
http://cerberus.sourcefire.com/~jeff (gpg key available)
Great spirits have always encountered violent opposition from mediocre
- Albert Einstein
More information about the Snort-devel