Snort mailing list archives
Truncated Tcp Options?
From: Rich Adamson <radamson () routers com>
Date: Mon, 15 Mar 2004 15:57:38 -0600
Can someone help me understand the following alert? (snort v2.1, current rules)
snort: [116:55:1] (snort_decoder): Truncated Tcp Options {TCP} 215.144.24.31:80 ->
10.10.91.29:1354
This is from outside -> inside (a response packet). Seems thus far to only
be associated with one workstation (or mabe a single remoe site).
Not sure how to deal with this. Suggestions?
Rich
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Truncated TCP options? Jeff Kell (Jan 21)
- Re: Truncated TCP options? MH (Jan 22)
- <Possible follow-ups>
- Truncated Tcp Options? Rich Adamson (Mar 15)
- Re: Truncated Tcp Options? ypwhich (Mar 16)
- Re: Truncated Tcp Options? Rich Adamson (Mar 16)
- Re: Truncated Tcp Options? Chris Green (Mar 16)
- Re: Truncated Tcp Options? Rich Adamson (Mar 16)
- Re: Truncated Tcp Options? ypwhich (Mar 16)