Re: Garbage in snort logs

[Frank <la () pasadena net>]

I'm having the same problem with ICMP in 1.8.3:


A snippet:

R)d..>e.n.f...g.P.g...h.2.i...j...k...l...m...n..qo...p .Zq..fr .:s.iFt
..u../v ..v.h.x }.x.J.y _.z.,.{.{.|...}.].~...
................................................................................
....................................................................PDT.PST.PWT.PP
T.................$.............PST.....(.......PWT.............PPT.....H.......X
.......http_decode.....h...@..........$ream2.........
....}..0.......spade...........@...l...X.......spade-homenet...........h...`...x...
....spade-stats..




On 11 Jan 2002, Russell Fulton wrote:

> Here is some mail I sent to Marty this morning which has some other
> ideas on this problem...
>
> Hi Marty,
>         I have just been corresponding with Brennan Bakke
> <bbakke () solcon nl>
> who reported finding bits of snort rules in logged ICMP packets (on the 
> security focus incidents list).  I told him about the build 89 fixes and
> suggested that these might fix his problems.  Someone else pointed out
> (quite rightly) that the ICMP packets should not go anywhere near the 
> stream4 preprocessor!


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users