Snort mailing list archives

some strange alerts

From: dawnshade <h-k () mail ru>
Date: Wed, 16 Apr 2003 11:02:49 +0400

uderstand!!!

This ICQ traffic:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

IP header truncated! (18 bytes)
Not IPv4 datagram! ([ver: 0x0][len: 0x200])
04/16-10:59:00.144035 194.*.*.*:1283 -> 64.12.164.249:80
TCP TTL:126 TOS:0x0 ID:1628 IpLen:20 DgmLen:48 DF
******S* Seq: 0xC8254FA4  Ack: 0x0  Win: 0xFAF0  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

It bug or feature???


----------
Best regards,
 dawnshade                            mailto:h-k () mail ru



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

some strange alerts dawnshade (Apr 15)
- <Possible follow-ups>
- some strange alerts dawnshade (Apr 16)