Snort mailing list archives
Some odd traffic.
From: Matt Linton <mlinton () email arc nasa gov>
Date: Fri, 12 Dec 2003 09:01:24 -0800
Has anyone seen traffic like this before? It's a little bit odd to see TCP port 0 -> Port 0 across the router. Especially with A and R flags, no?
[**] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**]
12/11-16:28:18.618241 192.168.20.81:0 -> 10.0.2.5:0
TCP TTL:128 TOS:0x0 ID:18920 IpLen:20 DgmLen:136
*2UA*R** Seq: 0x12502710 Ack: 0x103C225 Win: 0xF437 TcpLen: 12
UrgPtr: 0xFFFF
--
Regards;
Matt Linton
UNIX Systems Administrator
ASANI Solutions, LLC.
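An added example, not part of the original post and not Snort's own code: a small parser that decodes the alert above and lists the header anomalies it contains. The names `decode_alert`, `ALERT_RE` and `FLAG_ORDER` are hypothetical; it assumes Snort prints the flag column in the order `12UAPRSF` with `*` for an unset bit, and that `TcpLen` is the TCP header length in bytes.

```python
import re

# Constructed sample: the alert from the post, one field group per line.
SAMPLE_ALERT = """\
[**] (snort_decoder) WARNING: TCP Data Offset is less than 5! [**]
12/11-16:28:18.618241 192.168.20.81:0 -> 10.0.2.5:0
TCP TTL:128 TOS:0x0 ID:18920 IpLen:20 DgmLen:136
*2UA*R** Seq: 0x12502710 Ack: 0x103C225 Win: 0xF437 TcpLen: 12
UrgPtr: 0xFFFF
"""

# Assumed column order of Snort's flag string ('*' means the bit is clear).
FLAG_ORDER = "12UAPRSF"

# Tolerates the fields being on separate lines or run together on one line.
ALERT_RE = re.compile(
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"TCP .*?DgmLen:(?P<dgmlen>\d+)\s*"
    r"(?P<flags>[12UAPRSF*]{8})\s+Seq:.*?TcpLen:\s*(?P<tcplen>\d+)",
    re.S,
)

def decode_alert(text):
    """Parse one Snort TCP alert and list the header anomalies it shows."""
    m = ALERT_RE.search(text)
    if m is None:
        raise ValueError("not a Snort TCP alert")
    # A flag is set when its own letter appears in its column.
    flags = {f for f, c in zip(FLAG_ORDER, m["flags"]) if c == f}
    # Data offset is counted in 32-bit words; TcpLen is assumed to be bytes.
    offset_words = int(m["tcplen"]) // 4
    findings = []
    if int(m["sport"]) == 0 or int(m["dport"]) == 0:
        findings.append("port 0 is reserved and not used by normal TCP traffic")
    if offset_words < 5:
        findings.append(
            f"data offset {offset_words} < 5: header below the 20-byte minimum")
    if flags & {"1", "2"}:
        findings.append("reserved flag bits set")
    if {"U", "R"} <= flags:
        findings.append("URG combined with RST")
    return {"flags": flags, "offset_words": offset_words, "findings": findings}

if __name__ == "__main__":
    for finding in decode_alert(SAMPLE_ALERT)["findings"]:
        print(finding)
```
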