Snort mailing list archives
Fragmented RPC Records
From: John Hally <JHally () epnet com>
Date: Thu, 6 Mar 2003 15:41:10 -0500
Hello, I'm seeing a lot of (spp_rpc_decode) Fragmented RPC Records and (spp_rpc_decode) Incomplete RPC segment going to one particular address, which resolves back to a firewall as best as I can tell. I've looked at the packets and they do not seem to be malicious, but all have a destination port of 32771. I'm thinking snort is tripping on the high port number, but wanted to throw it out there to see if anyone can shed more light on this. Thanks in advance, John. ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Fragmented RPC Records John Hally (Mar 06)
- <Possible follow-ups>
- RE: Fragmented RPC Records Cloppert, Michael (Mar 25)