Snort mailing list archives
What is this alert??
From: "Marc Hering" <mhering () reval com>
Date: Mon, 21 Mar 2005 08:21:13 -0500
Hey All, I keep getting this same alert over and over and over (About 5k times already since Thursday) (spp_stream4) possible EVASIVE RST detection I can't seem to find any usefull info on it aside from that it is detecting a lot of RST requests...Is this a common alert that needs to be tweaked or am I looking at something more sinister? Thanks! <M>
Current thread:
- What is this alert?? Marc Hering (Mar 21)
- Re: What is this alert?? Wes Young (Mar 21)
- <Possible follow-ups>
- Re: What is this alert?? Richard Bejtlich (Mar 21)