Snort mailing list archives
RE: TTL EVASION
From: "RR" <rehmanr () dedicatedtech com>
Date: Thu, 1 Aug 2002 14:07:51 -0400
AFAIK this should come from either frag2 or stream4 preprocessors. This is triggered based upon difference of TTL in a conversation (Correct me if I am wrong). It may be caused by traceroute command. Try disabling these two plugins one by one to find out the exact source of the message. Rafeeq Rehman -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Sheahan, Paul (PCLN-NW) Sent: Thursday, August 01, 2002 11:06 AM To: Snort List (E-mail) Subject: [Snort-users] TTL EVASION Hello, I just upgraded to Snort 1.8.7 and running on RHLinux 7.0 I'm getting tons of these alerts - "TTL EVASION (reassemble) detection". What do these indicate and how can I turn this off? Thanks ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TTL EVASION Sheahan, Paul (PCLN-NW) (Aug 01)
- RE: TTL EVASION RR (Aug 01)