Snort mailing list archives
snort 1.8.2 crash on 50Mb traffic with reassembly directive on
From: "Bruno GODARD" <Bruno.GODARD () noos com>
Date: Thu, 15 Nov 2001 11:15:31 +0100
Hello, During our NIDS tests, we systematicaly have snort 1.8.2 (with or without snmp and mysql on) which crash under 50 Mb traffic composed of tiny packets of 64 bits. We test it on sun plateform under solaris 2.7. We just change "preprocessor stream4_reassemble" options from default to "both:port all" We change this option because we would test snort ability to detect fragmented attack on heavy traffic. On a established 50Mb traffic, We start snort, it detects some fragmented attack, but not all, then after some minutes it crash with a core dump. On a 25Mb traffic it doesn't crash and detects all fragmented attacks. Can someone have an explanation of this crash , is snort limited to small traffic when we ask it to reassemble packet. Thanks for idea and help B. GODARD ************************************************************************** Le contenu de ce message ne represente en aucun cas un engagement de la part de Noos sous reserve de tout accord conclu par ecrit entre vous et Noos. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee prealablement. Si vous n'etes pas destinataire de ce message, merci d'en avertir immediatement l'expediteur. Pour avoir plus d'informations sur Noos : http://www.noos.com The content of this message does not constitute a commitment by Noos except where provided for in a written agreement between you and Noos. Any unauthorised disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately. For more information about us: http://www.noos.com ************************************************************************** _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 1.8.2 crash on 50Mb traffic with reassembly directive on Bruno GODARD (Nov 15)
- Re: snort 1.8.2 crash on 50Mb traffic with reassembly directive on Erek Adams (Nov 15)