Snort mailing list archives
Strange Alerts
From: Brett.Gillett () tsx com
Date: Tue, 22 Apr 2003 13:19:23 -0400
Hey everyone, I have a question regarding alerts that we started to receive once we upgraded to Snort 2.0, it seems that all of our sensors started generating T/TCP Detected alerts [**] [116:56:1] (snort_decoder): T/TCP Detected [**] 04/22-13:16:28.246763 AAA.AAA.AAA.AAA:0 -> BBB.BBB.BBB.BBB:0 TCP TTL:58 TOS:0x0 ID:24222 IpLen:20 DgmLen:68 DF ******S* Seq: 0xDD50750C Ack: 0x93F8748B Win: 0x4000 TcpLen: 48 TCP Options (9) => MSS: 1380 NOP WS: 0 NOP NOP TS: 191472669 0 TCP Options => NOP NOP CCNEW: 47828988 Anyone have any ideas on what this is? Thanks, Brett
Current thread:
- Strange Alerts Brett . Gillett (Apr 23)
- <Possible follow-ups>
- Re: Strange Alerts Neil Dickey (Apr 23)
- Re: Strange Alerts Artur Bittencourt (Apr 23)
- Re: Strange Alerts Erek Adams (Apr 23)
- Re: Strange Alerts David Alonso De La Vega Tapage (Apr 23)
- Re: Strange Alerts Artur Bittencourt (Apr 23)
- Re: Strange Alerts Neil Dickey (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)
- RE: Strange Alerts Allen, Garrett (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)