[Snort-devel] On Solaris: Printed IP's reversed in spp_sfportscan.c

Steven Sturges steve.sturges at ...402...
Mon Oct 15 09:30:55 EDT 2007


Thanks, Jerry.

We'll have a look at it.

Cheers.
-steve

Jerry Litteer wrote:
> system:  Solaris 9 (sparc)
> Snort 2.7.* 2.8.*
> 
> When you look at the portscan log file, the IPs listed for the Range
> are printed in the wrong byte order.
> 
> Example:
> 
> Time: 10/10-10:35:23.696740
> event_id: 3
> *.*.*.131 -> *.*.*.24 (portscan) TCP Filtered Portsweep
> Priority Count: 0
> Connection Count: 30
> IP Count: 10
> Scanned IP Range: 193.*.*.*:193.*.*.*
> Port/Proto Count: 10
> Port/Proto Range: 1143:4465
> 
> 
> If you look at the code (near 160-190) you see that the IPs (ip1 and
> ip2) are printed in byte 3-0 order.  For Solaris (SUN), this needs to be 0-3.
> The attached context mod should fix the problem.
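
The byte-order dependence reported above, as an added example that is not part of the original thread and is not Snort's code. It assumes the address is held as a 32-bit value in host byte order; the function names and the sample address (192.0.2.24, documentation range) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 192.0.2.24 (documentation range) as a host-order value. */
#define SAMPLE_IP 0xC0000218u

/* 1 on little-endian hosts (x86), 0 on big-endian hosts (SPARC). */
static int host_is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Layout-dependent: indexes the stored bytes 3..0, so the most significant
 * octet is printed first only where it is stored last (little-endian). */
static void fmt_ip_by_index(uint32_t host_ip, char *out, size_t len)
{
    unsigned char b[4];
    memcpy(b, &host_ip, sizeof b);
    snprintf(out, len, "%u.%u.%u.%u",
             (unsigned)b[3], (unsigned)b[2], (unsigned)b[1], (unsigned)b[0]);
}

/* Portable: shifts act on the value, not on how it is laid out in memory. */
static void fmt_ip_portable(uint32_t host_ip, char *out, size_t len)
{
    snprintf(out, len, "%u.%u.%u.%u",
             (unsigned)((host_ip >> 24) & 0xff), (unsigned)((host_ip >> 16) & 0xff),
             (unsigned)((host_ip >> 8) & 0xff), (unsigned)(host_ip & 0xff));
}

int main(void)
{
    char indexed[16], portable[16];
    fmt_ip_by_index(SAMPLE_IP, indexed, sizeof indexed);
    fmt_ip_portable(SAMPLE_IP, portable, sizeof portable);
    printf("%s-endian host\n", host_is_little_endian() ? "little" : "big");
    printf("indexed 3..0: %s\n", indexed);
    printf("shifted:      %s\n", portable);
    return 0;
}
```

On a little-endian host both lines agree; on a big-endian host the indexed form prints the octets reversed, so the same sensor data produces different log text per platform and range-based log correlation breaks.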
