Snort mailing list archives

Re: Snort 1.8.6 crashes after Ping of Death


From: Rich Adamson <radamson () routers com>
Date: Thu, 11 Jul 2002 08:38:21 -0600

Yes, I've been having what appears to be the same problem on a Win2kPro
machine (stable v1.8.7 barebones). Best guess thus far is it has something 
to do with opening/closing a local log file. This could be a different
problem as my Win2k system totally locks up on the "second" alert,
regardless of what the alert happens to be. A clean installation of 
snort, etc, has not helped. A currently running test that excludes the
command line switches "-l e:\snort\log -A full" seems to confirm the
suspicions.

I've tried downloading the current v1.8.7 source from www.snort.org,
however Visual Studio complains about several missing files. A search
of the drive indicates they are truly missing including: avl_tree.c, 
spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c, and unistd.h.

Could some folks from the development side help out please?

> My Snort (version 1.8.6) (under Linux Mandrake 8.2) crashes after one
> or two attacks with the DoS-Attack "Ping of Death", produced with the
> "IDS Informer" from BLADE Software. This Software is an IDS testing
> tool. Does anybody else have this problem?
>
> SYSLOG-ENTRY:
> <date> <time> <hostname> kernel: device eth0 left promiscuous mode
> <date> <time> <hostname> kernel: Oversized IP packet from <attacker>


