[Snort-users] Snort core dumped (fwd)

Martin Roesch roesch at ...1935...
Thu Jan 10 12:51:15 EST 2002


Saw it, loved the format of the report *and* the forum, truly.  Somehow
a patch that we did a while back got messed up and migrated into the
1.8.3 distro (much like ntohs() being added and removed from the ICMP
IDs and sequence numbers about once every 3 months or so).

Anyway, here's the patch:

--- basesnort/decode.h Thu Jan 10 15:47:48 2002
+++ snort/decode.h    Thu Jan 10 12:15:33 2002
@@ -105,7 +105,7 @@
 #define IP_HEADER_LEN           20
 #define TCP_HEADER_LEN          20
 #define UDP_HEADER_LEN          8
-#define ICMP_HEADER_LEN         8
+#define ICMP_HEADER_LEN         4
 
 #define TH_FIN  0x01
 #define TH_SYN  0x02
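Review bot: The new value on the `+#define ICMP_HEADER_LEN         4` line has no comment saying which bytes of the ICMP header it counts, and it now sits next to IP_HEADER_LEN, TCP_HEADER_LEN and UDP_HEADER_LEN, which the 8 it replaces resembled more closely. Since the message says this change was already lost once on its way into the 1.8.3 distro, a one-line comment above the define stating what the 4 covers and why it is not 8 would make the next accidental revert easier to catch. The hunk only touches the constant, so the places in the decoder that subtract ICMP_HEADER_LEN from a packet length are not visible here; they are worth checking for a length test before the subtraction, using the reported packet (DgmLen:29, IpLen:20, sent with `ping -c 1 -s 1`) as a regression case.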


    -Marty


Roman Danyliw wrote:
> 
> ---------- Forwarded Message ----------
> Date: Thursday, January 10, 2002 1:26 PM +0800
> From: Sinbad <securitymail at ...786...>
> To: bugtraq at ...35...
> Subject: Snort core dumped
> 
> Run snort:
> # snort -dev host 192.168.0.3 and 192.168.0.1
> 
> Ping 192.168.0.1 from 192.168.0.3 within one data in payload:
> # ping -c 1 -s 1 192.168.0.1
> 
> Snort's output showed below:
> -*> Snort! <*-
> Version 1.8.3 (Build 88)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> 01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76 type:0x800
> len:0x2B 192.168.0.3 -> 192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20
> DgmLen:29 DF Type:8  Code:0  ID:9435   Seq:0  ECHO
> Segmentation fault (core dumped)
> 
> hmm... core dumped!
> 
> while with the '-X' option works well. :)
> 
> Have you ever seen this happen?
> 
> Regards,
> Sinbad
> 
> ---------- End Forwarded Message ----------
> 

--
Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org



