Snort mailing list archives
Truncated Tcp Options?
From: Rich Adamson <radamson () routers com>
Date: Mon, 15 Mar 2004 15:57:38 -0600
Can someone help me understand the following alert? (snort v2.1, current rules) snort: [116:55:1] (snort_decoder): Truncated Tcp Options {TCP} 215.144.24.31:80 -> 10.10.91.29:1354 This is from outside -> inside (a response packet). Seems thus far to only be associated with one workstation (or mabe a single remoe site). Not sure how to deal with this. Suggestions? Rich ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Truncated TCP options? Jeff Kell (Jan 21)
- Re: Truncated TCP options? MH (Jan 22)
- <Possible follow-ups>
- Truncated Tcp Options? Rich Adamson (Mar 15)
- Re: Truncated Tcp Options? ypwhich (Mar 16)
- Re: Truncated Tcp Options? Rich Adamson (Mar 16)
- Re: Truncated Tcp Options? Chris Green (Mar 16)
- Re: Truncated Tcp Options? Rich Adamson (Mar 16)
- Re: Truncated Tcp Options? ypwhich (Mar 16)