Snort mailing list archives
RE: stream4 issues: possible EVASIVE RST detection
From: "Daniel Miessler" <danielrm26 () hotmail com>
Date: Tue, 15 Oct 2002 13:16:16 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
We are getting inundated by "spp:possible EVASIVE RST detection" alerts. I have tracked these down to about 20 NT 4 servers where apparently the TCP/IP stacks are jacked.
I had the same problem and am using Demarc as well. I haven't tried upgrading to 1.9 yet to see if that was the problem, but you can make that specific preprocessor be quiet while you look into the issue. Use the no_alerts option, or whatever it is, and that will quiet it down. - --danielrm26 -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 (Build 294) Beta iQEVAwUBPaxNX/Lu0CaZEvl2AQKTJQf+O7NmDNmA1oQJbAJuN3QkT0x3kMmyJoMp 3Ag0nW/+Xf5uVOyEpO1yDAXv0esve717BeK26QHd8A/ZQNrO6/Nmma1C8H69YKYO yf6w++Gbpfzsv+1Ro6+b9Pl4HMUFLTI9m52fwor5G945sypziBxrqcGtBiiNQOxM 1LoNDAJWWcpbGdvjmNFM8QsDKdEJCHDBlC1i6r3qgHiHqekjpNCa4ZZES/9BM4jn sfUjPmMHsllEsxk82NBORZQn9SEabrw4j/na1lEVJFTVsBPzRD5DdBn0n+IYVLJo sekGq26I10g2hEu0162AE5b2sOpcMTCuXN8EDaUldr4ZS3GPytYWNQ== =5i7V -----END PGP SIGNATURE----- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- stream4 issues: possible EVASIVE RST detection Ben Keepper (Oct 14)
- Re: stream4 issues: possible EVASIVE RST detection Chris Reining (Oct 14)
- RE: stream4 issues: possible EVASIVE RST detection Daniel Miessler (Oct 15)
- <Possible follow-ups>
- RE: stream4 issues: possible EVASIVE RST detection Miller, Eoin (Oct 15)
- RE: stream4 issues: possible EVASIVE RST detection Daniel Miessler (Oct 15)
- stream4 issues: possible EVASIVE RST detection Ben Keepper (Oct 17)