[Snort-users] OpenBSD IPsec DoS signature
kris at ...593...
Fri Oct 6 23:23:06 EDT 2000
On Fri, Oct 06, 2000 at 03:37:57PM -0700, Dragos Ruiu wrote:
> I wanted to write a sig for it, but testing out which port causes the crash is
> err... painful. The culprit is an IP packet with an empty payload, has anyone
> nailed down the port to narrower (pref single) value/range? My first guess
> is isakmp/500 but I happen to use OpenBSD for the boxes I like to keep
> running and count on and I'm not up to more syscrashes just yet...
nmap -sO is an IP protocol scan... it doesn't use ports (except for the
special case of protocols 6 and 17 :)
The OpenBSD bug was a crash on whatever type of packet -sO likes to
send of protocol 50 or 51 (i.e. not a valid ESP/AH packet).
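
Added example (not part of the original post, and not Snort's own code): a detection check for the condition described above, an IPv4 packet of protocol 50 or 51 whose payload is empty or too short to be a valid ESP/AH header. The minimum header sizes, the function names and the 192.0.2.x sample addresses are assumptions of this example; the sample packets are constructed in memory.

```python
import socket
import struct

ESP, AH = 50, 51  # IP protocol numbers named in the post
# Assumption (from the ESP/AH specs, not the post): ESP starts with SPI + sequence
# number (8 bytes); AH has 12 bytes of fixed fields before its integrity value.
MIN_HEADER = {ESP: 8, AH: 12}


def check_packet(raw):
    """Return an alert string if raw is an IPv4 packet of protocol 50/51 whose
    payload is too short to hold a valid ESP/AH header, otherwise None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (raw[0] & 0x0F) * 4            # IP header length in bytes
    total_len, _ident, frag = struct.unpack("!HHH", raw[2:8])
    proto = raw[9]
    if proto not in MIN_HEADER or ihl < 20 or total_len < ihl:
        return None
    if frag & 0x1FFF:
        return None                      # later fragment: no ESP/AH header expected
    payload_len = min(total_len, len(raw)) - ihl
    if payload_len >= MIN_HEADER[proto]:
        return None
    src = socket.inet_ntoa(raw[12:16])
    dst = socket.inet_ntoa(raw[16:20])
    return "proto %d payload %d bytes (< %d) %s -> %s" % (
        proto, payload_len, MIN_HEADER[proto], src, dst)


def build_ipv4(proto, payload=b"", src="192.0.2.1", dst="192.0.2.2"):
    """Constructed sample packet for the demo (checksum left at 0, never sent)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


if __name__ == "__main__":
    samples = [build_ipv4(ESP), build_ipv4(AH), build_ipv4(ESP, b"\x00" * 16),
               build_ipv4(6, b"\x00" * 20)]
    for pkt in samples:
        print(check_packet(pkt) or "ok")
```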