Snort mailing list archives
Re: Wierd Packets, ICMP Dest Unreachable
From: Phil Wood <cpw () lanl gov>
Date: Thu, 14 Jun 2001 16:02:52 -0600
On Thu, Jun 14, 2001 at 03:09:33PM -0400, Matt Scarborough wrote:
Phil, It really is not a problem per se. I think it would only be a problem if
The problem to me is, that snort code in log.c does not know where the packet ends and decodes trash and prints the results as real stuff. As far as being a problem in the ids sense, or sense of possibly causing a recipient of the trashed header to go into limbo, that's another story. In the past, specially crafted ip headers caused some serious problems for Microsoft hosts here at lanl. Every single windows box that was not behind a serious firewall that reassembled ip fragments before passing them on ended up with the blue screen of death. It was pretty eery for some of our groups to enter their room in the early morning and find 30 systems all with that microsoft blue screen. In this case, it appears that any recipient of these packets did not get bent out of shape. Thanks, Phil
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Wierd Packets, ICMP Dest Unreachable Phil Wood (Jun 14)
- <Possible follow-ups>
- Re: Wierd Packets, ICMP Dest Unreachable Matt Scarborough (Jun 14)