Snort mailing list archives

Re: ACID: Bug in decoding of ICMP packets payload?

From: Roman Danyliw <roman () danyliw com>
Date: Wed, 9 Jan 2002 15:20:27 -0500 (EST)

ICMP type=3 packets are padded with 4-bytes after the code field.  It
looks like sometimes this padding is not logged (or not present).

A fix has been committed to CVS.

cheers,
Roman


On Wed, 9 Jan 2002, Jesus Couto wrote:

[snip]

It seems that there is a bug in the decoding of ICMP packets payloads...
see in acid_qry_alert.php :




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ACID: Bug in decoding of ICMP packets payload? Jesus Couto (Jan 09)
- <Possible follow-ups>
- Re: ACID: Bug in decoding of ICMP packets payload? Roman Danyliw (Jan 09)
  - Re: ACID: Bug in decoding of ICMP packets payload? Jesus Couto (Jan 10)
- Re: ACID: Bug in decoding of ICMP packets payload? roman (Jan 10)