Snort mailing list archives
Short UDP Packet
From: FG12sqTSS () aol com
Date: Thu, 19 Feb 2004 13:57:33 EST
Snort 2.1 produces alerts "Short UDP Packet" Length field > payload length. All alerts are from various a.b.c.d:0 -> e.f.g.h:0, where DST is frequently a broadcast address. TTL=128; ID# increments normally; Dgmlen=265. The network is 100% MS windows and Cisco. What traffic generates this as a potentially hostile packet vs. acceptable use? Fred Gross III Total System Security, LLC
Current thread:
- Short UDP Packet FG12sqTSS (Feb 24)