[Snort-users] Snort 1.8.6 crashes after Ping of Death

Rich Adamson radamson at ...2127...
Thu Jul 11 07:03:08 EDT 2002

Yes, I've been having what appears to be the same problem on a Win2kPro
machine (stable v1.8.7 barebones). Best guess thus far is it has something 
to do with opening/closing a local log file. This could be a different
problem as my Win2k system totally locks up on the "second" alert,
regardless of what the alert happens to be. A clean installation of 
snort, etc, has not helped. A currently running test that excludes the
command line switches "-l e:\snort\log -A full" seems to confirm the

I've tried downloading the current v1.8.7 source from www.snort.org,
however Visual Studio complains about several missing files. A search
of the drive indicates they are truly missing including: avl_tree.c, 
spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c, and unistd.h.

Could some folks from the development side help out please?

> My Snort (version 1.8.6) (under Linux Mandrake 8.2) crashes after one 
> or two attacks with the DoS-Attack "Ping of Death", produced with the 
> "IDS Informer" from BLADE Software. This Software is an IDS testing 
> tool. Does anybody else have this problem?
> <date> <time> <hostname> kernel: device eth0 left promiscuous mode
> <date> <time> <hostname> kernel: Oversized IP packet from <attacker>

More information about the Snort-users mailing list