Re: Snort core dumped

From: KF (dotslashat_private)
Date: Thu Jan 10 2002 - 12:35:10 PST

Next message: Obscure: "RE: CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]"

Previous message: Mandrake Linux Security Team: "MDKSA-2001:095-1 - glibc update"
Next in thread: Martin Roesch: "Re: Snort core dumped"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[root@xxx xxxx]# ps -ef | grep snort
snort 牋 10283 熯熯1熯2 17:17 ? 牋 熯熯00:00:00 /usr/sbin/snort -u snort
-g snorroot 熯熯10292 10252熯0 17:17 pts/2 牋 00:00:00

[xxxx@xxx xxxx]$ ping -c1 -s1 xxx.xxxxxx.com
PING xxx.xxxxxxx.com (111.111.111.111) from 111.111.111.111: 1(29) bytes
of data.
9 bytes from xxx.xxxxxxxx.com (192.168.1.103): icmp_seq=0 ttl=255

--- xxx.xxxxxxxxx.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss

[root@xxx xxxxxxxx]# ps -ef | grep snort
root 熯熯10328 10252熯0 17:18 pts/2 牋 00:00:00 grep snort

-KF


Sinbad wrote:

> Run snort:
> # snort -dev host 192.168.0.3 and 192.168.0.1 
> 
> Ping 192.168.0.1 from 192.168.0.3 within one data in payload:
> # ping -c 1 -s 1 192.168.0.1
> 
> Snort's output showed below:
> -*> Snort! <*-
> Version 1.8.3 (Build 88)
> By Martin Roesch (roeschat_private, www.snort.org)
> 01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76 type:0x800 len:0x2B
> 192.168.0.3 -> 192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:29 DF
> Type:8  Code:0  ID:9435   Seq:0  ECHO
> Segmentation fault (core dumped)
> 
> hmm... core dumped!
> 
> while with the '-X' option works well. :)
> 
> Have you ever seen this happened?
> 
> 
> Regards,
> Sinbad
> 
> 
>

Next message: Obscure: "RE: CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]"
Previous message: Mandrake Linux Security Team: "MDKSA-2001:095-1 - glibc update"
Next in thread: Martin Roesch: "Re: Snort core dumped"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 10 2002 - 20:05:36 PST