Snort mailing list archives
BAD TRAFFIC data in TCP SYN packet
From: Lars Jørgensen IT <Lars.Jorgensen () pol dk>
Date: Mon, 14 Jan 2002 07:39:17 +0100
Hi!
I get a lot of
01/14-02:24:17.089098 [**] [1:526:3] BAD TRAFFIC data in TCP SYN packet
[**] [Classification: Misc activity] [Priority: 3] {TCP} 207.46.106.84:29291
-> 172.40.20.235:53
172.40.20.235 is my DNS server, but why would clients put data in the syn
packets? According to RIPE, the source address is "ALLOCATED UNSPECIFIED",
so I can't find out who's doing this. It comes from a limited number of
addresses, they all seem to be 207.xx.xxx.xxx.
I tried Google, but to no avail. Can anybody shed some light on this?
Lars
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- BAD TRAFFIC data in TCP SYN packet Lars Jørgensen IT (Jan 13)
- Re: BAD TRAFFIC data in TCP SYN packet Chris Keladis (Jan 13)
- Re: BAD TRAFFIC data in TCP SYN packet Matt Kettler (Jan 14)
- Re: BAD TRAFFIC data in TCP SYN packet Dewey Paciaffi (Jan 14)
- Re: BAD TRAFFIC data in TCP SYN packet Martin Roesch (Jan 14)
- Re: BAD TRAFFIC data in TCP SYN packet Laurie Zirkle (Jan 15)
- <Possible follow-ups>
- Re: BAD TRAFFIC data in TCP SYN packet Tudor Panaitescu (Jan 14)
- SV: BAD TRAFFIC data in TCP SYN packet Lars Jørgensen IT (Jan 14)
- Re: SV: BAD TRAFFIC data in TCP SYN packet Matt Kettler (Jan 14)
- Re: SV: BAD TRAFFIC data in TCP SYN packet Dan Hollis (Jan 14)
- Re: SV: BAD TRAFFIC data in TCP SYN packet Matt Kettler (Jan 14)
- RE: SV: BAD TRAFFIC data in TCP SYN packet Austad, Jay (Jan 15)
(Thread continues...)