Snort mailing list archives
Re: Please help me understand this alert output
From: Hanasaki JiJi <hanasaki () hanaden com>
Date: Fri, 29 Nov 2002 12:35:10 -0600
Code red shouldnt exist on my network. There are 4 systems and they are all Linux.
Since I am new to snort, could you provide a bit more help? I understand the rule. Question is: how do I track down what is sending the packets?
Hicks, John wrote:
Snort FAQ: http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.7 GIAC GCIA - Fragmented Code Red: http://cert.uni-stuttgart.de/archive/intrusions/2002/08/msg00246.html HTH, John Hicks -----Original Message----- From: Hanasaki JiJi [mailto:hanasaki () hanaden com] Sent: Friday, November 29, 2002 12:41 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Please help me understand this alert outputBelow is one of MANY alerts being loged on my internal network. It is a very small network. how can i find what is causing the bad traffice, and rectify it?[**] [1:1322:4] BAD TRAFFIC bad frag bits [**] [Classification: Misc activity] [Priority: 3] 11/29-11:38:11.405389 192.168.1.200 -> 192.168.1.1 UDP TTL:64 TOS:0x0 ID:12106 IpLen:20 DgmLen:1500 DF MF Frag Offset: 0x0000 Frag Size: 0x05C8 -------------------------------------------------------This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ================================================================= = Management is doing things right; leadership is doing the = = right things. - Peter Drucker = =_______________________________________________________________= = http://www.sun.com/service/sunps/jdc/javacenter.pdf = = www.sun.com | www.javasoft.com | http://wwws.sun.com/sunone = ================================================================= -------------------------------------------------------This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Please help me understand this alert output Hanasaki JiJi (Nov 29)
- <Possible follow-ups>
- RE: Please help me understand this alert output Hicks, John (Nov 29)
- Re: Please help me understand this alert output Hanasaki JiJi (Nov 29)