[Snort-users] Snort 2.8.6 generating invalid ip options in events?

Andy Berryman aberryman at ...14765...
Fri Jun 4 14:33:15 EDT 2010


I'm having an issue with snort 2.8.6 that I have really no clue on how
to even start trying to figure out. So, besides Google, you guys are my
first hope.

I'm getting events from snort that have invalid ip options in the event.
Hoping someone can point me in the right direction on how/where to
start.

Here's the event.

iphdr:1406410883,3436490497,4,15,0,264,44627,0,0,26,1,12955
ipopt:0,0,1,0,
ipopt:1,0,7,37,KAoBZQTCsdFOw/sbIcP7G5o+KHxaPihwpkDWkZJA18PRkOgJpg==
icmphdr:8,0,19178
data:VVJMOmh0dHA6Ly9pcGxhbmUuY3Mud2FzaGluZ3Rvbi5lZHUvcGxfbWVhc3VyZW1lbnQuaHRt
bCBDb250YWN0OmlwbGFuZS1zdXBwb3J0QGNzLndhc2hpbmd0b24uZWR1AAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

Thanks,

Andy Berryman