[Snort-users] Re: IP short header
pkahle at ...492...
Sat Mar 2 20:47:15 EST 2002
> Message: 7
> Date: Sat, 2 Mar 2002 15:55:15 -0800
> From: John Sage <jsage at ...2022...>
> To: Render-Vue <sales at ...4295...>
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] IP short header
> Well, the short answer that doesn't tell you much is that the IP
> header is expected to be 20 bytes long.
> What you're receiving is only 18 long, and it triggers a rule in
> -- hmm.. I can't grep for 'short header' in *.rules -- what version of
> snort did you say you were running, and what platform ;-) ?
This looks suspiciously like a DEBUG printf in DecodeIPOnly (I'm
looking in 1.8.1 source, I think):
printf("ICMP Unreachable IP header length: %lu\n", (unsigned long)hlen);
So it may not be in a rule at all.
Those who would give up essential Liberty to purchase a little temporary
safety, deserve neither Liberty nor safety.
-- Ben Franklin
|| Peter M Kahle Jr || PGP Public Key on Keyservers ||
|| pkahle at ...492... || http://pops.dyndns.com/~pkahle/ ||
More information about the Snort-users