Snort mailing list archives

Re: Strange Alert


From: John Gay <john.gay () sourcefire com>
Date: Wed, 10 Feb 2010 08:36:20 -0500

It is a preprocessor alert from dcerpc2 - Connection-oriented DCE/RPC -
Fragment length on non-last fragment less than maximum negotiated fragment
transit size for client.

j

On Wed, Feb 10, 2010 at 7:06 AM, Jens Link <jenslink () gmx de> wrote:

Hi,

I have a snort (2.8.5.2) setup here using barnyard (2.1.7) and base
(1.4.4). Everything works as expected except for one alert which shows
up on base:

[snort]    Snort Alert [133:34:0]    unclassified

I grepped /etc/snort and the source and didn't find anything. Any ideas?

Jens
--
-------------------------------------------------------------------------
| Foelderichstr. 40  | 13595 Berlin, Germany | +49-151-18721264         |
| http://www.quux.de | http://blog.quux.de   | jabber: jenslink () guug de |
-------------------------------------------------------------------------


------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
