Snort mailing list archives

Where can I find alert info?


From: "Petriz, Pablo" <ppetriz () siscat com ar>
Date: Mon, 11 Feb 2002 17:23:21 -0300

Hello list

I am using Snort (lots of thanks to this list!) but I am not a
"TCP/IP Illustrated" man. Yes, I know, I have to read it.

In the meantime, I want to solve my doubts about the meaning of
some Snort alerts. I have read about the great help of the whitehats
site for this, but that's not working now. So where can I go for
this kind of question?

I don't want to overload the list with "What does xxxxxxx alert
mean?" questions... I am afraid of being included in some
drinking_game update.

Thanks in advance!

PABLO

PS: Ah! This is the alert that I don't understand. It's from
my internal net (lots of Windows machines) but I don't know
what PC is generating this or why. So "What does BAD TRAFFIC
0 ttl ALERT mean????"

[**] BAD TRAFFIC 0 ttl [**]
02/11-09:08:00.695575 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:328
Len: 308
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] BAD TRAFFIC 0 ttl [**]
02/11-16:04:55.535575 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:328
Len: 308
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] BAD TRAFFIC 0 ttl [**]
02/11-16:11:53.135575 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:328
Len: 308
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

