Thu Feb 14 13:05:09 EST 2013


I was running BotHunter ( latest, the one that uses "Snort +
applied numerous stability (bug) fixes." ) and snort was crashing on my
500GB pcap file. Upon digging into the main cause, there was a dns query
that was crashing snort.

Here (http://sysnet.org.pk/upload/theOne.pcap) is the pcap file containing
only 1 packet that crashes snort. To testing this pcap, use
"" as your HOME_NET. I bypassed this bug by removing this IP
from the list of HOME_NET.

