Snort mailing list archives

Snort SACK Option DoS clarifications


From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 12 Sep 2005 22:26:20 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI, here are a few points about this issue.

1) It's a DoS if you're running in verbose mode. If you're running Snort as a NIDS you shouldn't be running in verbose mode as it will torpedo your performance; this has been known for over 6 years now. If you're running in sniffer mode and someone DoS's you, go grab log.c from CVS, recompile and you're fine.

2) This is a NULL pointer dereference, so it won't turn into more than a DoS.

3) The guy who released the advisory for this relatively minor issue decided to do so without coordination with the Snort project or Sourcefire, even though we asked him to wait so we could coordinate. Rolling out a Snort release is a complex series of events and we have several other bug fixes that we're putting together for 2.4.1 (check out CVS if you want to see the fixes) plus docs and so on that need to go in there.

Fact of the matter is that this guy decided that responsible disclosure wasn't necessary in this case and then decided to make a big deal out of it (high risk my ass). Whatever. We'll get 2.4.1 out as soon as we can and that'll be that.

If anyone has any questions or comments feel free to drop me a mail.

     -Marty

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDJjjNqj0FAQQ3KOARAvxYAJ0U/CmuOas9oIlorwAKCocbty+4vQCcDVXd
VC1kZjKP+paig0sqylt/xPU=
=guuk
-----END PGP SIGNATURE-----



