Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Fragmented RPC Records

From: John Hally <JHally () epnet com>
Date: Thu, 6 Mar 2003 15:41:10 -0500

Hello,

I'm seeing a lot of (spp_rpc_decode) Fragmented RPC Records  and
(spp_rpc_decode) Incomplete RPC segment going to one particular address,
which resolves back to a firewall as best as I can tell.  I've looked at the
packets and they do not seem to be malicious, but all have a destination
port of 32771.  I'm thinking snort is tripping on the high port number, but
wanted to throw it out there to see if anyone can shed more light on this.

Thanks in advance,

John.





-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: