[Snort-users] Re: Garbage in snort logs

Frank la at ...4425...
Thu Jan 10 13:45:02 EST 2002


I'm having the same problem with ICMP in 1.8.3:


A snippet:

R)d..>e.n.f...g.P.g...h.2.i...j...k...l...m...n..qo...p .Zq..fr .:s.iFt
..u../v ..v.h.x }.x.J.y _.z.,.{.{.|...}.].~...
................................................................................
....................................................................PDT.PST.PWT.PP
T.................$.............PST.....(.......PWT.............PPT.....H.......X
.......http_decode.....h... at ...4535...$ream2.........
....}..0.......spade........... at ...4536...`...x...
....spade-stats..




On 11 Jan 2002, Russell Fulton wrote:

> Here is some mail I sent to Marty this morning which has some other
> ideas on this problem...
> 
> Hi Marty,
>         I have just been corresponding with Brennan Bakke
> <bbakke at ...4534...>
> who reported finding bits of snort rules in logged ICMP packets (on the 
> security focus incidents list).  I told him about the build 89 fixes and
> suggested that these might fix his problems.  Someone else pointed out
> (quite rightly) that the ICMP packets should not go anywhere near the 
> stream4 preprocessor!
> 





More information about the Snort-users mailing list