Snort mailing list archives
Re: Garbage in snort logs
From: Frank <la () pasadena net>
Date: Thu, 10 Jan 2002 13:32:37 -0800 (PST)
I'm having the same problem with ICMP in 1.8.3: A snippet: R)d..>e.n.f...g.P.g...h.2.i...j...k...l...m...n..qo...p .Zq..fr .:s.iFt ..u../v ..v.h.x }.x.J.y _.z.,.{.{.|...}.].~... ................................................................................ ....................................................................PDT.PST.PWT.PP T.................$.............PST.....(.......PWT.............PPT.....H.......X .......http_decode.....h...@..........$ream2......... ....}..0.......spade...........@...l...X.......spade-homenet...........h...`...x... ....spade-stats.. On 11 Jan 2002, Russell Fulton wrote:
Here is some mail I sent to Marty this morning which has some other ideas on this problem... Hi Marty, I have just been corresponding with Brennan Bakke <bbakke () solcon nl> who reported finding bits of snort rules in logged ICMP packets (on the security focus incidents list). I told him about the build 89 fixes and suggested that these might fix his problems. Someone else pointed out (quite rightly) that the ICMP packets should not go anywhere near the stream4 preprocessor!
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Garbage in snort logs, (continued)
- Re: Garbage in snort logs Martin Roesch (Jan 08)
- Re: Garbage in snort logs Andreas Östling (Jan 10)
- "Connnection closed"? (spelled wrong!) Edwin Eefting (Jan 10)
- Re: "Connnection closed"? (spelled wrong!) John Sage (Jan 13)
- Re: Garbage in snort logs Martin Roesch (Jan 08)
- Re: Garbage in snort logs Phil Wood (Jan 09)
- Getting an error using -r Ken Pickering (Jan 09)
- Re: Getting an error using -r Ken Pickering (Jan 09)
- CVS version not finding pcap includes Bob Van Cleef (Jan 09)
- Re: Garbage in snort logs Frank (Jan 10)
- Re: Re: Garbage in snort logs Martin Roesch (Jan 10)
- Re: Re: Garbage in snort logs Martin Roesch (Jan 10)