Educause Security Discussion mailing list archives
Increase in Snort Truncated TCP Options Entries
From: Lois Lehman <LOIS.LEHMAN () ASU EDU>
Date: Mon, 3 May 2004 11:23:11 -0700
Over the past week, we have had an increase of entries like these in our snort logs:

[**] (snort_decoder): Truncated Tcp Options [**]
05/01-03:03:56.827803 203.218.63.156:0 -> 129.219.44.47:0
TCP TTL:109 TOS:0x0 ID:58947 IpLen:20 DgmLen:48 DF
******S* Seq: 0x787CFF72 Ack: 0xC267C49C Win: 0x4000 TcpLen: 28
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

The source IP on these is from Taiwan, Hong Kong, California this week.

Any idea what this is related to? In other words, what is being attempted here?

Thanks!

Lois

Lois Lehman
College Network Security Manager
Physical Sciences Computer Support Manager
College of Liberal Arts & Sciences
Arizona State University
480-965-3139

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.