Snort mailing list archives
Anyone seen this before - contains html
From: Dan Ferris <dferris () maad com>
Date: Thu, 28 Aug 2003 10:21:00 -0600
ID # Time Triggered Signature3 - 248826 2003-08-27 12:56:35 [snort <http://www.snort.org/snort-db/sid.html?sid=46>] (snort_decoder) WARNING: TCP Header length exceeds packet length!
Sensor name interface filtereth1 /none/
AlertGroup /none/
IPsource addr dest addr Ver Hdr Len TOS length ID flags offset TTL chksum
<http://199.45.236.4/acid/acid_stat_ipaddr.php?ip=199.45.236.10&netmask=32> 4 5 0 40 11306 0 0 109 49842 FQDN Source Name Dest. Name Options /none / CP source port dest port R 1 R 0 U R G A C K P S H R S T S Y N F I N seq # ack offset res window urp chksum29396 <http://www.snort.org/ports.html?port=29396> 80 <http://www.snort.org/ports.html?port=80>
X X X X X 98015812 3705565293 7 0 28781 28781 10261 Anyone know what program generated this? This isn't nmap is it? ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Anyone seen this before - contains html Dan Ferris (Aug 28)