RE: [Snort-devel] Header mixup Bug in Snort 2.0?
From: Erik Norman <carl_erik.norman(at)telia.com>
Date: Mon Jun 16 2003 - 15:29:34 EDT
This issue has been confirmed as a bug with Snort2.0, but *not* with Snort current (b087). So unless anyone wants to dig deeper, I leave it at that.

Thanks to rmkml@wanadoo.fr for help, input, and commitment to Snort.

For the curious: I isolated a tcpdump file containing two tcp sessions. When testing the two sessions separately, no alarm was triggered. When testing the two in the same file, several alarms of the same type (uid=...) were triggered. Not good :-)

The bug was verified to exist on two different platforms (Linux 2.2.16 & NetBSD 1.6.1). Regrettably, I cannot send/publish the raw data.

Thank you for Snort, guys.

/E

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Mon Jun 16 15:45:32 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT