September 13th, 2005, 09:54 AM
Snort Denial of Service vulnerability
Read all about it, one packet is all is takes (if you run snort in verbose mode)..
Experience is something you don't get until just after you need it.
September 13th, 2005, 02:05 PM
thanks for the heads up .... checked my IPCop box and Snort is not running with the -v flag ... all is well
September 30th, 2005, 10:48 PM
And the fix has arrived:
Snort 2.4.2 Released (NEW)
Last Updated: 2005-09-30 16:40:55 UTC by John Bambenek (Version: 1)
As a followup to the Snort vulnerability info we posted two weeks ago, a new version has been released of Snort that addresses that and some other bug fixes. You can find Snort's announcement here
. The changes in the version are the following:
* Fixed crash bug with -T and default logging setup first reported by Zultan.
* Corrected Win32 directory setup for new WinPCAP.
October 13th, 2005, 07:09 AM
The bug was in Snort "-v" option. Which should never be in use on a production sensor, and in fact 99.9999% of the time, the -v is used for testing to make sure Snort is seeing packets. Snort should always be ran in "-D" (daemon) mode using the -c (conf file) tag.