From: Vincent Chen (vctw yahoo.com)
Date: Sat Mar 30 2002 - 01:39:06 CST
Dear all,
I have run Snort for a while and found that the packet log file
will be corrupted after an oversized fragment is received.
After I got the following alert:
[**] [113:1:1] spp_frag2: Oversized fragment, probable DoS [**]
10/05-16:38:14.3633994403197.230.54.72 -> 124.152.42.136
PROTO068 TTL:25 TOS:0x2B ID:33962 IpLen:52 DgmLen:14733 RB DF
IP Options (1) => Opt 57: 5423 E63D A0D6 89A3 7C1A 273D EE90 2614 322C 6770 3979 8054 E680 62F9 892E 4783 7AFE EAD1 0C0B 73C9
Frag Offset: 0x041CAD Frag Size: 0x3959
The packet log file will grow to several megabytes. When
trying to read it, I got:
.
.
.
pcap_loop: bogus savefile header
===============================================================================
Snort processed 51 packets.
Breakdown by protocol: Action Stats:
TCP: 51 (100.000%) ALERTS: 0
UDP: 0 (0.000%) LOGGED: 0
ICMP: 0 (0.000%) PASSED: 0
ARP: 0 (0.000%)
IPv6: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 0 (0.000%)
===============================================================================
.
.
.
It's a DoS to me, not just probable. Is there any
solution for this?
Thanks for your help,
Vincent Chen
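
One way to find where a packet log like this stops being valid pcap, as an added example that is not part of the original message or of Snort's code: it assumes the classic libpcap savefile layout (24-byte global header, 16-byte record headers) and walks the record headers until one is implausible. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Classic libpcap savefile magic as it appears on disk, mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def first_bad_record(data):
    """Walk a pcap savefile; return (good_records, offset, reason) for the
    first implausible header, or (good_records, None, None) if all parse."""
    if len(data) < 24:
        return 0, 0, "truncated global header"
    endian = MAGICS.get(data[:4])
    if endian is None:
        return 0, 0, "unknown magic number"
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(endian + "IHHiIII", data[:24])[5]
    offset, good = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            return good, offset, "truncated record header"
        # Record header: ts_sec, ts_usec, captured length, on-wire length
        _, ts_usec, caplen, wirelen = struct.unpack_from(endian + "IIII", data, offset)
        if ts_usec >= 1_000_000:
            return good, offset, "ts_usec out of range"
        if caplen > snaplen:
            return good, offset, "caplen exceeds snaplen"
        if caplen > wirelen:
            return good, offset, "caplen exceeds on-wire length"
        if offset + 16 + caplen > len(data):
            return good, offset, "truncated packet data"
        offset += 16 + caplen
        good += 1
    return good, None, None

def build_sample():
    """Constructed input: two valid 60-byte records, then one whose header
    claims 70000 captured bytes in a file with snaplen 1514."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    ok = struct.pack("<IIII", 1000000000, 0, 60, 60) + bytes(60)
    bad = struct.pack("<IIII", 1000000000, 0, 70000, 70000) + bytes(32)
    return header + ok + ok + bad

if __name__ == "__main__":
    good, offset, reason = first_bad_record(build_sample())
    print(f"{good} good records; first problem at byte {offset}: {reason}")
```

Run against a real log by passing the file's bytes to first_bad_record; the count of good records can be compared with the number of packets the reader processed before it stopped.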