MISC IP Reserved bit set

[Jean Michel BARBET <Jean-Michel.Barbet () subatech in2p3 fr>]

Hello,

I have used snort for about 2 months now and it is an unvaluable tool 
both for auditing your network and for learning. 

Yesterday I got a bunch of :

[**] [1:523:1] MISC IP Reserved bit set [**]
10/08-11:10:29.567869 EXTERNAL_NET -> HOME_NET
PROTO204 TTL:153 TOS:0x0 ID:153 IpLen:12 DgmLen:200

(I replaced the real addresses by EXTERNAL_NET and HOME_NET)
I got more than 6000 of these within 3 hours, then it stopped...
There are many different sources and targets.

I run snort V1.8 :
Version 1.8-RELEASE (Build 43)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

=> Could somebody explain to me what are these alerts ?

Also I am running two different versions of snort on two slightly
different
machines on the same mirrored port of a switch. 
These are V1.7 and the already mentioned V1.8-build 43. 

Both of them are dumping core about once a week. 

V1.7 runs on Linux RedHat 7.0, Kernel : 2.2.16-22
V1.8 runs on Linux RedHat 7.0, kernel : 2.2.19-7.0.8

=> Any idea of what is making snort crash ? Can I help by sending 
   a core file ?

Thank you.

Jean-Michel BARBET.

-- 
------------------------------------------------------------------------
Jean-michel BARBET                    | Tel: +33 (0)2 51 85 84 86 
Laboratoire SUBATECH Nantes France    | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet () subatech in2p3 fr
------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users