Snort mailing list archives
BAD TRAFFIC bad frag bits
From: Clayton Mascarenhas <masclaythesnort () yahoo com>
Date: Thu, 27 Mar 2003 15:41:58 -0800 (PST)
Hi list, I got this "Bad traffic bad frag bits" alert. 03/20-01:00:09.476681 [**] [1:1322:4] BAD TRAFFIC bad frag bits [**] [Classification: Misc activity] [Priority: 3] {UDP} 2.3.4.5 -> 1.2.3.4 This comes when the Dont Fragment and More fragment bits are set. When will this situation occur?? In the alert shown what could possibly make the 2.3.4.5 machine send such a packet to 1.2.3.4? And why would an attacker want to craft such a packet when it actually doesnt help the attacker in any way? Thanks in advance. --------------------------------- Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
Current thread:
- BAD TRAFFIC bad frag bits Clayton Mascarenhas (Mar 27)
- Re: BAD TRAFFIC bad frag bits Jeff Nathan (Mar 27)