Snort mailing list archives

Previous By Date Next
Previous By Thread Next

spp_stream4 Steath activity

From: John Hally <JHally () epnet com>
Date: Fri, 30 May 2003 11:25:23 -0400
Hello All,

I'm seeing a good amount of these alerts coming from the stream4
preprocessor.  For the most part the payload of the packets look normal, but
they all have ACK,PUSH,RST set.   Has anyone else seen this behavior?  The
traffic is originating from a proxy of some sort and destined for an
2000/IIS5 server, if that helps.

Thanks.


-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: