Snort mailing list archives

Re: snort 1.9.1 message (decoded length message from rpc_decode)

From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 19 Mar 2003 13:49:56 -0500

Hope you don't mind I changed the subject to something more specific, mightdraw attention from someone more educated on the RPC decoder who's justskimming subject lines.

This message appears to be generated by the RPC decode preprocessor, andseems to be the result of some sanity checking on the RPC packets. Thiswould appear to mean that the RPC decoder thinks a message is trying toevade detection by sending fragments in a strange order, but would appearto be possible any time a RPC packet is fragmented and arrives out-of-order.

Someone more familiar with spp_rpc_decode.c might be able to comment in amore educated fashion, but at least I can tell you where it came from.




At 05:55 AM 3/19/2003 +0000, you wrote:

hi

When I start my second sensor, which alerts in the
remote mysql server, I get this message.

calllogfuncs() decoded length does not compute!

I keep on getting this message very often.

I don't know it is an error, warning or what.

Cna anybody enlighten me on this message and how to
avoid it ?

Thanx.

Bishan

=====
Celebrating Happiness
email: bishan () sumerusolutions com
company: www.sumerusolutions.com

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com


-------------------------------------------------------
This SF.net email is sponsored by: Does your code think in ink?
You could win a Tablet PC. Get a free Tablet PC hat just for playing.
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------

This SF.net email is sponsored by: Does your code think in ink?You could win a Tablet PC. Get a free Tablet PC hat just for playing.What are you waiting for?

http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort 1.9.1 message Always Bishan (Mar 18)
- Re: snort 1.9.1 message (decoded length message from rpc_decode) Matt Kettler (Mar 21)
- <Possible follow-ups>
- snort 1.9.1 message Always Bishan (Mar 19)