Read all about it, one packet is all it takes (if you run snort in verbose mode).
http://isc.sans.org/diary.php?date=2005-09-13
Thanks for the heads up ... checked my IPCop box and Snort is not running with the -v flag ... all is well :)
And the fix has arrived:
Quote:
Snort 2.4.2 Released (NEW)
Published: 2005-09-30, Last Updated: 2005-09-30 16:40:55 UTC by John Bambenek (Version: 1)
As a followup to the Snort vulnerability info we posted two weeks ago, a new version has been released of Snort that addresses that and some other bug fixes. You can find Snort's announcement here. The changes in the version are the following:
* Fixed crash bug with -T and default logging setup first reported by Zultan.
* Corrected Win32 directory setup for new WinPCAP.
Cheers:
The bug was in Snort's "-v" option, which should never be in use on a production sensor; in fact, 99.9999% of the time, -v is used for testing to make sure Snort is seeing packets. Snort should always be run in "-D" (daemon) mode using the -c (conf file) tag.
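
Added example (not part of any post in this thread and not Snort project code): a shell check for the condition discussed above, namely whether a snort process was started with -v. It handles clustered flags such as -dev and skips option arguments so a "v" inside a path is not mistaken for the flag; the function names, the ARG_OPTS list of argument-taking option letters (an assumed subset, confirm with `snort -?`) and the sample command lines are constructed for illustration.

```shell
# Assumed subset of Snort 2.x option letters that take an argument.
ARG_OPTS="AcFGghiklLmnPrStu"

# Return 0 if the command line in $1 has -v, alone or clustered (e.g. -dev).
snort_cmdline_is_verbose() {
    set -f; set -- $1; set +f          # split into words without globbing
    [ $# -gt 0 ] || return 1
    shift                              # drop argv[0]
    while [ $# -gt 0 ]; do
        tok=$1; shift
        case $tok in
            --)  return 1 ;;           # end of options
            --*) continue ;;           # long option, cannot be -v
            -?*) ;;                    # short option or cluster: inspect below
            *)   continue ;;           # operand such as a BPF filter word
        esac
        cluster=${tok#-}
        while [ -n "$cluster" ]; do
            rest=${cluster#?}; letter=${cluster%"$rest"}; cluster=$rest
            if [ "$letter" = v ]; then return 0; fi
            case $ARG_OPTS in *"$letter"*)
                # Rest of this word, else the next word, is the option's
                # argument (a path, an interface): never scan it for "v".
                if [ -z "$cluster" ] && [ $# -gt 0 ]; then shift; fi
                cluster= ;;
            esac
        done
    done
    return 1
}

# Read command lines on stdin (live use: ps -eo args= | find_verbose_snort)
# and print those that are snort running with -v.
find_verbose_snort() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f
        [ $# -gt 0 ] || continue
        [ "${1##*/}" = snort ] || continue
        if snort_cmdline_is_verbose "$line"; then printf '%s\n' "$line"; fi
    done
}

# Constructed sample command lines, not taken from a real host.
sample_cmdlines() { printf '%s\n' \
    '/usr/sbin/snort -D -c /etc/snort/snort.conf -i eth0 -l /var/log/snort' \
    '/usr/sbin/snort -dev -i eth0' \
    'snort -c /etc/snort/snort.conf -l/var/log/snort -A fast' \
    '/usr/bin/vim -v notes.txt' 'snort -v'; }

sample_cmdlines | find_verbose_snort
```

Any line this prints is a sensor to restart without -v (or to upgrade, per the release note quoted above).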