Snort mailing list archives
Alerts interpretation
From: henrique de lima arabe - PDBL/uoi <hlima () pbh gov br>
Date: Fri, 12 Sep 2003 11:54:16 -0300
Hello everybody. I got this BAD TRAFFIC ALERT MESSAGE.

[**] [1:1321:5] BAD TRAFFIC 0 ttl [**]
[Classification: Misc activity] [Priority: 3]
09/12-11:00:52.460511 10.0.24.176:137 -> 10.0.31.255:137
UDP TTL:0 TOS:0x0 ID:3 IpLen:20 DgmLen:78 DF
Len: 50

I tried to find out what it means but didn't get a good explanation of it. Could anyone tell me more about it? What is the best database to look for alert descriptions? How is it possible to know whether this is a real attack or a legitimate action?
Thanks in advance
Henri Lima