[23806] in bugtraq
Re: Snort core dumped
daemon@ATHENA.MIT.EDU (KF)
Thu Jan 10 23:28:57 2002
Message-ID: <3C3DFAFE.3050202@snosoft.com>
Date: Thu, 10 Jan 2002 15:35:10 -0500
From: KF <dotslash@snosoft.com>
MIME-Version: 1.0
To: Sinbad <securitymail@263.net>
Cc: bugtraq@securityfocus.com, recon@snosoft.com
Content-Type: text/plain; charset=GB2312
Content-Transfer-Encoding: 8bit
[root@xxx xxxx]# ps -ef | grep snort
snort 10283 1 2 17:17 ? 00:00:00 /usr/sbin/snort -u snort
-g snorroot 10292 10252 0 17:17 pts/2 00:00:00
[xxxx@xxx xxxx]$ ping -c1 -s1 xxx.xxxxxx.com
PING xxx.xxxxxxx.com (111.111.111.111) from 111.111.111.111: 1(29) bytes
of data.
9 bytes from xxx.xxxxxxxx.com (192.168.1.103): icmp_seq=0 ttl=255
--- xxx.xxxxxxxxx.com ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
[root@xxx xxxxxxxx]# ps -ef | grep snort
root 10328 10252 0 17:18 pts/2 00:00:00 grep snort
-KF
Sinbad wrote:
> Run snort:
> # snort -dev host 192.168.0.3 and 192.168.0.1
>
> Ping 192.168.0.1 from 192.168.0.3 with one byte of data in the payload:
> # ping -c 1 -s 1 192.168.0.1
>
> Snort's output is shown below:
> -*> Snort! <*-
> Version 1.8.3 (Build 88)
> By Martin Roesch (roesch@sourcefire.com, www.snort.org)
> 01/10-11:34:43.898282 0:80:AD:78:83:BB -> 0:E0:18:C4:52:76 type:0x800 len:0x2B
> 192.168.0.3 -> 192.168.0.1 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:29 DF
> Type:8 Code:0 ID:9435 Seq:0 ECHO
> Segmentation fault (core dumped)
>
> hmm... core dumped!
>
> while it works well with the '-X' option. :)
>
> Have you ever seen this happen?
>
>
> Regards,
> Sinbad
>
>
>