Snort mailing list archives
Re: Snort, Queso and iptables
From: Olaf Schreck <chakl () syscall de>
Date: Wed, 10 Oct 2001 12:57:44 +0200
> Actually I reckon someone was posting a while ago on some(this?) mailing list that certain versions of Linux kernel craft packets in such a way that they appear as queso prints (some erroneous flags or something), if someone is interested, I can really dig it up, but being short you can blame broken Linux kernel here :-)
s/broken/recent/

The Linux 2.4 kernels implement TCP ECN (RFC 2481) for traffic congestion notification. ECN makes use of 2 bits in the TCP header that were reserved before. As the original poster was connecting to a Linux site, I'd assume it's 2.4 ECN rather than a Queso probe.

ciao,
chakl

--
Olaf Schreck, Syscall Network Solutions AG, Berlin
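
The distinction drawn in the message above, as an added example that is not part of the original post or of Snort: it reads the flags byte of a raw TCP header and separates the ECN handshake patterns (as defined in RFC 3168, the successor to RFC 2481) from other uses of the two formerly reserved bits. The function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

# Flag bits in byte 13 of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ECE, CWR = 0x40, 0x80  # the two formerly reserved bits that ECN uses


def make_header(flags: int) -> bytes:
    """Build a constructed 20-byte TCP header (sample data, not a capture)."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 5840, 0, 0)


def tcp_flags(segment: bytes) -> int:
    """Return the flags byte after basic sanity checks on the header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    if segment[12] >> 4 < 5:
        raise ValueError("invalid data offset")
    return segment[13]


def classify(segment: bytes) -> str:
    """Label how a segment uses the ECE/CWR bits."""
    flags = tcp_flags(segment)
    ecn_bits = flags & (ECE | CWR)
    base = flags & ~(ECE | CWR) & 0xFF
    if not ecn_bits:
        return "no-ecn-bits"
    if base == SYN and ecn_bits == (ECE | CWR):
        return "ecn-setup-syn"        # what an ECN-enabled client sends
    if base == (SYN | ACK) and ecn_bits == ECE:
        return "ecn-setup-synack"     # ECN-capable server's reply
    if base & SYN:
        return "suspicious-syn"       # SYN with a non-ECN bit combination
    if base & ACK and not base & RST:
        return "ecn-in-connection"    # congestion signalling on data/ACKs
    return "suspicious"


if __name__ == "__main__":
    for f in (SYN, SYN | ECE | CWR, SYN | ACK | ECE, SYN | ECE, ACK | ECE):
        print(f"flags=0x{f:02x} -> {classify(make_header(f))}")
```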