Snort mailing list archives

DDoS?? almost 40k 'TCP Data Offset is less than 5!' alerts in 30 mins


From: lpj0508 () netscape net
Date: Mon, 16 Jun 2003 06:01:05 -0400

hi,

i've been seeing around 30 tcp data offset alerts daily on my ids, and was not really worried by that.

what got me worried was what happened last night when there was a sudden flood of such packets hitting 1 of my servers. this happened for about 30 mins and the packets all came from different sources. furthermore, the destination ports of the packets seem to be random (most of these not even listening ports on my server).

it looks really like a kind of distributed denial of service attack to me. has anyone seen this before? are such packets (tcp offset < 5) known to cause any harm to a system, i.e. higher load, compromise?

hope someone can shed some light on this.

lpj
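
An added triage example, not part of the original post and not Snort's own code: it reads the TCP data offset field (the upper nibble of byte 12 of the TCP header, counted in 32-bit words, minimum 5 per RFC 793) from raw IPv4 packets and summarizes how many distinct sources and destination ports the malformed ones involve. The function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

MIN_WORDS = 5  # RFC 793: smallest legal TCP header is 5 32-bit words (20 bytes)

def classify(pkt: bytes):
    """Return (src_ip, dst_port, data_offset, verdict) for a raw IPv4 packet,
    or None when it carries no parseable TCP header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                          # not IPv4 carrying TCP
    ihl = (pkt[0] & 0x0F) * 4
    frag = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or frag != 0 or len(pkt) < ihl + 13:
        return None                          # bad IHL, later fragment, or truncated
    tcp = pkt[ihl:]
    dport = struct.unpack("!H", tcp[2:4])[0]
    doff = tcp[12] >> 4                      # data offset, in 32-bit words
    if doff < MIN_WORDS:
        verdict = "offset_lt_5"              # header claims to be under 20 bytes
    elif doff * 4 > len(tcp):
        verdict = "offset_past_end"          # header claims more bytes than arrived
    else:
        verdict = "ok"
    return ".".join(map(str, pkt[12:16])), dport, doff, verdict

def summarize(packets):
    """Count offset<5 packets and how spread out their sources and ports are."""
    bad = [r for r in map(classify, packets) if r and r[3] == "offset_lt_5"]
    return {"bad": len(bad),
            "sources": len({r[0] for r in bad}),
            "dst_ports": Counter(r[1] for r in bad)}

def make_packet(src, dport, doff, sport=40000, dst="192.0.2.10"):
    """Build a constructed IPv4+TCP packet (checksums left zero) for testing."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, doff << 4, 0x02, 512, 0, 0)
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0)
    return ip + ip4(src) + ip4(dst) + tcp

# Constructed sample traffic (documentation address ranges), not data from the post.
SAMPLE = [make_packet("198.51.100.7", 31337, 0),
          make_packet("203.0.113.44", 6000, 3),
          make_packet("198.51.100.7", 80, 5),
          make_packet("203.0.113.9", 31337, 2)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
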
