[Snort-users] 1.8.6 problem: Misdetection and hangup
jesus.couto at ...3830...
Tue Jun 4 06:37:12 EDT 2002
This is the setup: A RH 7.2 machine running snort 1.8.6, 2 interfaces,
the one we are listening to eth1 connected to a hub with another 2
machines, 192.168.100.1 (the "attacker") and 192.168.100.3 (the "victim").
Problem: Launching some simple portscanning attacks like
nmap -sT -p 1-40000 -r 192.168.100.3
from the attacker machine gets reported as "MISC source route lssr" by
snort in IDS mode, and after reporting the first 3000-4000 events, snort
Not only the packets dont have the lssr option anywhere, as checked by
using Ethereal, but snort in sniffer mode also shows them to be without
options, and the logging of the packets by snort at the ACID console
shows the packet having a few other options (TS) but nothing about
Any ideas? If more info is needed to debug it just tell me what you need.
Jesus Couto F.
More information about the Snort-users