Snort mailing list archives
Re: (spp_asn1) ASN.1 spec violation, possible overflow
From: Erek Adams <erek () snort org>
Date: Fri, 7 Mar 2003 11:58:33 -0500 (EST)
On Wed, 5 Mar 2003, Maynard, Jeff S. wrote:
Can someone tell me what this alert means. I cannot find any reference to it to determine if I should be concerned. (spp_asn1) ASN.1 spec violation, possible overflow
It means that the ASN preprocessor fired an alert. For more indepth info look at the code for spp_asn1.c in the <snortdir>/src/preprocessors/ directory. There's about 60-70 lines of comments at the top that explain what it is, and what it's attempting. Short answer: Something didn't match the ASN.1 specifciation. Some section of the data was longer than the spec allows. 1001 bytes where it should only be 1000 or something like that. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (spp_asn1) ASN.1 spec violation, possible overflow Maynard, Jeff S. (Mar 05)
- Re: (spp_asn1) ASN.1 spec violation, possible overflow Erek Adams (Mar 07)