Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Truncated Tcp Options?

From: Chris Green <cmg () uab edu>
Date: Tue, 16 Mar 2004 10:21:18 -0500
Rich Adamson <radamson () routers com> writes:


Thanks for the reference. Are there any known stacks, apps, etc, that
are known to trip the alert, or does this option tend to be one of those
that might be more oriented towards FYI?



FYI.  The RFC states that stacks must deal with these gracefully
though some may not.

It was added when I rewrote the TCP option parser and added support
for just about tcp option representation condition. It's one of those
things that was an FYI and then we could see if that was a common
condition or not.  It usually just goes off on truncated frames AFAIK.
-- 
Chris Green <cmg () dok org>
I've had a perfectly wonderful evening. But this wasn't it.
     -- Groucho Marx



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: