Snort mailing list archives

1.8.6 problem: Misdetection and hangup


From: Jesus Couto <jesus.couto () satec es>
Date: Tue, 04 Jun 2002 15:37:50 +0200

Hi,

This is the setup: A RH 7.2 machine running snort 1.8.6, 2 interfaces, the one we are listening to eth1 connected to a hub with another 2 machines, 192.168.100.1 (the "attacker") and 192.168.100.3 (the "victim").

Problem: Launching some simple portscanning attacks like

   nmap -sT -p 1-40000 -r 192.168.100.3

from the attacker machine gets reported as "MISC source route lssr" by snort in IDS mode, and after reporting the first 3000-4000 events, snort hangs completely.

Not only do the packets not have the lssr option anywhere, as checked by using Ethereal, but snort in sniffer mode also shows them to be without options, and the logging of the packets by snort at the ACID console shows the packet having a few other options (TS) but nothing about source routing.

Any ideas? If more info is needed to debug it just tell me what you need.

Jesus Couto F.
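
An added example, not part of the original message: one way to check a captured packet independently of Snort is to walk the IPv4 option area and the TCP option area separately, since LSRR is an IPv4 option (type 131) while TS in a SYN is normally a TCP option (kind 8). The function names and the sample bytes below are constructed for illustration.

```python
import struct

# IPv4 option types (RFC 791) and TCP option kinds (RFC 9293, RFC 7323).
IP_OPTS = {7: "RR", 68: "TS", 131: "LSRR", 137: "SSRR"}
TCP_OPTS = {2: "MSS", 3: "WS", 4: "SACK_PERM", 8: "TS"}

def walk_options(buf, names):
    """List the options in one TLV option area; stop at EOL or a bad length."""
    found, i = [], 0
    while i < len(buf) and buf[i] != 0:        # 0 = end of option list
        if buf[i] == 1:                        # NOP: single byte, no length
            found.append("NOP")
            i += 1
            continue
        if i + 1 >= len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            found.append("MALFORMED")
            break
        found.append(names.get(buf[i], "UNKNOWN(%d)" % buf[i]))
        i += buf[i + 1]
    return found

def inspect(packet):
    """Return (ip_options, tcp_options) for a raw IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl + 20 or packet[9] != 6:
        raise ValueError("not a complete IPv4/TCP packet")
    tcp = packet[ihl:]
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        raise ValueError("bad TCP data offset")
    return walk_options(packet[20:ihl], IP_OPTS), walk_options(tcp[20:doff], TCP_OPTS)

def build(ip_options=b"", tcp_options=b""):
    """Constructed SYN 192.168.100.1 -> 192.168.100.3 (checksums left at zero)."""
    ihl, doff = (20 + len(ip_options)) // 4, (20 + len(tcp_options)) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, (ihl + doff) * 4, 1, 0, 64, 6, 0,
                     bytes([192, 168, 100, 1]), bytes([192, 168, 100, 3]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, 0, 0, doff << 4, 0x02, 5840, 0, 0)
    return ip + ip_options + tcp + tcp_options

# Constructed samples: a typical Linux SYN option set, and an LSRR IP option.
SYN_TCP_OPTS = bytes.fromhex("020405b40402080a000186a00000000001030300")
LSRR_IP_OPT = bytes.fromhex("830704c000020100")   # type 131, len 7, ptr 4, 192.0.2.1, EOL

if __name__ == "__main__":
    print(inspect(build(tcp_options=SYN_TCP_OPTS)))
    print(inspect(build(ip_options=LSRR_IP_OPT, tcp_options=SYN_TCP_OPTS)))
```

A packet from a connect() scan should come back with an empty IPv4 option list; only the second constructed packet carries LSRR.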



