Snort mailing list archives
Re: Too many stealth alerts
From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 15 Apr 2002 12:28:14 -0700 (PDT)
On Mon, 15 Apr 2002, Estes, Matt CPR / FCBS wrote:
I routinely(!) get "Stealth" packets from talkative Exchange servers... is this ok? Why would a machine possible have null flags or every flag set in a TCP packet. Hardware problems?
Yep. Running a MS OS on it. ;-) MS has a nasty habit of not following RFC's. Due to that in many ways the TCP/IP stack of some boxes seems 'broken', since it's not all quite standard. But you're right.... That's not the way it should be. Something is off somewhere. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Too many stealth alerts Estes, Matt CPR / FCBS (Apr 15)
- Re: Too many stealth alerts Erek Adams (Apr 15)
- <Possible follow-ups>
- RE: Too many stealth alerts Estes, Matt CPR / FCBS (Apr 15)