Snort mailing list archives
Re: Snort, Queso and iptables [FIDUCIA virengepruft - ohne Gewahr, das alle bekannten Viren und deren Varianten erkannt wurden.]
From: Fyodor <fygrave () tigerteam net>
Date: Wed, 10 Oct 2001 03:57:10 +0700
On Tue, Oct 09, 2001 at 05:21:42PM +0100, Thomas Schweikle wrote:
Just about every other day, snort reports a 'Possible Queso Fingerprint attempt' from a machine at kernel.org (most frequently mirrors.kernel.org). This is puzzling to me for several reasons:Questo is a simple program to find out what OS your host is using. Sometimes it misses, but most it guesses correct. Nothing to worry about. Someone was trying to find out hat OS you where using. Mostly for statistics, just to see what OS people use to surf there site (sometimes interessting to have an idea what folks are there out there).
Actually I reckon someone was posting a while ago on some(this?) mailing list that certain versions of linux kernel craft packets in such way that they appear as queso prints (some erroneous flags or something), if someone is interested, I can really dig it up, but being short you can blame broken linux kernel here :-) _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort, Queso and iptables [FIDUCIA virengeprüft - ohne Gewähr, daß alle bekannten Viren und deren Varianten erkannt wurden.] Thomas Schweikle (Oct 09)
- Re: Snort, Queso and iptables [FIDUCIA virengepruft - ohne Gewahr, das alle bekannten Viren und deren Varianten erkannt wurden.] Fyodor (Oct 09)
- Re: Snort, Queso and iptables Olaf Schreck (Oct 10)
- Re: Snort, Queso and iptables [FIDUCIA virengepruft - ohne Gewahr, das alle bekannten Viren und deren Varianten erkannt wurden.] Fyodor (Oct 09)