Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort warning: Bad insert in fraglist for FragTracker 0x8fd580

From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 28 Feb 2002 23:08:10 -0500
If I remember correctly (and from looking at the code) you get this error
when duplicate fragments are received.  This is generally bad news, so I've
just added some code to check for this condition and let you know when it's
seen.  Check out the latest CVS (build 95) to see if that's the case.

     -Marty

On 2/28/02 4:51 PM, "Gordon H. Atwood" <gordon () cs ualberta ca> wrote:



Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

So what does this mean, is it important, what should I do about it?

I've just started trying to get a Snort box running.  Version
1.8.4-beta1 (Build 91)
running on an OpenBSD 3.0 system (Intel Pentium II ("GenuineIntel"
686-class,
512KB L2 cache) 401 MH)

As soon as I start it up (eg.  "snort -a full -i xl1 -c /etc/snort.conf"
I start getting these
warnings.  Lots of them.  5 or 6 every second.

I traced the warning to spp_frag2.c in the snort source but beyond that
its meaningless
to me.  I see no mention of it in the snort faq and nothing about it in
any of the docs
that I can find.

So it must be self-evident - but not to me.

Can anyone enlighten me or point me at the relevant documentation?

--
Gordon H. Atwood                                 E-mail:
gordon () cs ualberta ca
Research System Administrator                 Phone:  (780) 492-9930
Department of Computing Science            Fax:  (780) 492-1071
University of Alberta                   WWW:
http://web.cs.ualberta.ca/~gordon




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: