Snort mailing list archives
Re: how to stop these UDP TCP alerts?
From: Erek Adams <erek () snort org>
Date: Wed, 24 Sep 2003 15:18:53 -0400 (EDT)
On Wed, 24 Sep 2003, jlarsson () altavoz net wrote:
I have scanned through mailinglists looking for which "false alerts" these TCP checks will stop. I get the following messages in my alert file (snort_decoder): Short UDP packet, length field > payload length (snort_decoder) WARNING: TCP Header length exceeds packet length! (snort_decoder): Truncated Tcp Options where can i find an explanation of what these means "Stop generic decode event", "Stop alerts on experimental TCP options", etc.
Have a look in snort.conf. There's a whole section that deals with those types of alerts! :) ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- how to stop these UDP TCP alerts? Clayton Mascarenhas (Sep 22)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 23)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 24)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Phil Wood (Sep 25)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 23)