Snort mailing list archives

Re: Wierd Packets, ICMP Dest Unreachable


From: Phil Wood <cpw () lanl gov>
Date: Thu, 14 Jun 2001 16:02:52 -0600

On Thu, Jun 14, 2001 at 03:09:33PM -0400, Matt Scarborough wrote:
> Phil,
>
> It really is not a problem per se. I think it would only be a problem if

The problem to me is, that snort code in log.c does not know where the
packet ends and decodes trash and prints the results as real stuff.

As far as being a problem in the ids sense, or sense of possibly causing a
recipient of the trashed header to go into limbo, that's another story.

In the past, specially crafted ip headers caused some serious problems for
Microsoft hosts here at lanl.  Every single windows box that was not behind
a serious firewall that reassembled ip fragments before passing them on
ended up with the blue screen of death.  It was pretty eery for some of
our groups to enter their room in the early morning and find 30 systems all
with that microsoft blue screen.

In this case, it appears that any recipient of these packets did not get
bent out of shape.

Thanks,

Phil



-- 
Phil Wood, cpw () lanl gov
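
The decoding problem raised in the message above (a decoder that does not know where the packet ends and prints trailing bytes as real fields) comes down to checking every field of the datagram quoted inside an ICMP Destination Unreachable against the captured length. The following is an added example, not part of the original post and not Snort's log.c; the function, type and constant names are hypothetical and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum quote_status { QUOTE_OK, QUOTE_NOT_UNREACH, QUOTE_NO_IP_HDR,
                    QUOTE_BAD_IHL, QUOTE_IP_ONLY };

struct quoted_dgram {
    uint8_t  proto, src[4], dst[4];
    uint16_t sport, dport;          /* filled in only for QUOTE_OK */
};

/* Constructed sample: ICMP type 3 code 3 quoting a UDP datagram
 * 192.0.2.1:1234 -> 198.51.100.7:53 (checksums left as zero). */
static const uint8_t sample_unreach[36] = {
    3, 3, 0, 0, 0, 0, 0, 0,
    0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0,
    192, 0, 2, 1, 198, 51, 100, 7,
    0x04, 0xd2, 0x00, 0x35, 0, 8, 0, 0
};

/* caplen = bytes captured from icmp on; nothing beyond icmp + caplen is read. */
enum quote_status decode_unreach_quote(const uint8_t *icmp, size_t caplen,
                                       struct quoted_dgram *out)
{
    const size_t icmp_hdr = 8, ip_min = 20;
    memset(out, 0, sizeof *out);
    if (caplen < icmp_hdr || icmp[0] != 3)   /* type 3: dest unreachable */
        return QUOTE_NOT_UNREACH;
    size_t avail = caplen - icmp_hdr;        /* bytes of quoted datagram */
    if (avail < ip_min)
        return QUOTE_NO_IP_HDR;
    const uint8_t *ip = icmp + icmp_hdr;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < ip_min || ihl > avail)
        return QUOTE_BAD_IHL;                /* header claims more than we hold */
    out->proto = ip[9];
    memcpy(out->src, ip + 12, 4);
    memcpy(out->dst, ip + 16, 4);
    /* Ports: TCP/UDP only, and only if their 4 bytes were captured. */
    if ((out->proto != 6 && out->proto != 17) || avail - ihl < 4)
        return QUOTE_IP_ONLY;
    out->sport = (uint16_t)(ip[ihl] << 8 | ip[ihl + 1]);
    out->dport = (uint16_t)(ip[ihl + 2] << 8 | ip[ihl + 3]);
    return QUOTE_OK;
}

int main(void) { struct quoted_dgram q;
    return decode_unreach_quote(sample_unreach, sizeof sample_unreach, &q); }
```

A logger built on this would print ports only for `QUOTE_OK` and mark the other statuses as a truncated or malformed quote.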

