Results 1 to 4 of 4

Thread: Snort Denial of Service vulnerability

  1. #1
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401

    Snort Denial of Service vulnerability

    Read all about it, one packet is all is takes (if you run snort in verbose mode)..

    http://isc.sans.org/diary.php?date=2005-09-13
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #2
    Senior Member
    Join Date
    May 2002
    Posts
    450
    thanks for the heads up .... checked my IPCop box and Snort is not running with the -v flag ... all is well

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    And the fix has arrived:

    Snort 2.4.2 Released (NEW)
    Published: 2005-09-30,
    Last Updated: 2005-09-30 16:40:55 UTC by John Bambenek (Version: 1)

    As a followup to the Snort vulnerability info we posted two weeks ago, a new version has been released of Snort that addresses that and some other bug fixes. You can find Snort's announcement here . The changes in the version are the following:

    * Fixed crash bug with -T and default logging setup first reported by Zultan.
    * Corrected Win32 directory setup for new WinPCAP.
    Source

    Cheers:
    DjM

  4. #4

    DOS

    The bug was in Snort "-v" option. Which should never be in use on a production sensor, and in fact 99.9999% of the time, the -v is used for testing to make sure Snort is seeing packets. Snort should always be ran in "-D" (daemon) mode using the -c (conf file) tag.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •