Snort mailing list archives

UDP alerts with sneeze


From: sri harsha <harsha536 () gmail com>
Date: Fri, 12 Mar 2010 12:05:56 +0530

Hi,
   I am using Snort version 2.8.5.2 on a Linux machine. Using sneeze for
attacks, I could see alerts generated for ICMP rules as attacks. But for
UDP packets, I see the following alert messages.

[116:97:1] (snort_decoder): Short UDP packet, length field > payload length
[**]
[Priority: 3]
03/12-06:17:32.840382 76.0.0.10:0 -> 4.4.4.10:0
UDP TTL:63 TOS:0x10 ID:0 IpLen:20 DgmLen:92 DF
UDP header truncated

What can be the reason for this? Thanks for any suggestion in advance.

Thanks,
Sriharsha
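
The alert text names a consistency check between the UDP header's length field and the bytes the IP datagram actually carries. The following is an added example, not part of the original post and not Snort's own code: a Python sketch of that comparison, run on constructed packets sized to match the alert's DgmLen:92 and IpLen:20. The function names, port numbers and verdict strings are assumptions.

```python
import socket
import struct

def build_ipv4_udp(udp_len_field, payload_len=64):
    """Constructed sample: 20-byte IPv4 header + 8-byte UDP header + payload.
    Checksums are left at zero because the check below does not verify them."""
    total_len = 20 + 8 + payload_len          # 92 with the default payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, total_len, 0, 0x4000,
                     63, 17, 0,
                     socket.inet_aton("76.0.0.10"),
                     socket.inet_aton("4.4.4.10"))
    # Ports 5000/5001 are arbitrary; udp_len_field is what the sender claims.
    udp = struct.pack("!HHHH", 5000, 5001, udp_len_field, 0)
    return ip + udp + b"\x00" * payload_len

def check_udp_length(packet):
    """Compare the UDP length field with the payload the IP header accounts for."""
    if len(packet) < 20:
        return "ip header truncated"
    ver_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    ip_hlen = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ip_hlen < 20 or packet[9] != 17:
        return "not ipv4/udp"
    # Bytes available to UDP: bounded by both the IP total length and the capture.
    ip_payload = min(total_len, len(packet)) - ip_hlen
    if ip_payload < 8:
        return "udp header truncated"
    udp_len = struct.unpack("!H", packet[ip_hlen + 4:ip_hlen + 6])[0]
    if udp_len < 8:
        return "udp length field < header length"
    if udp_len > ip_payload:
        return "length field > payload length"
    if udp_len < ip_payload:
        return "length field < payload length"
    return "ok"

if __name__ == "__main__":
    for claimed in (72, 100, 40, 4):
        print(claimed, "->", check_udp_length(build_ipv4_udp(claimed)))
```

With a 92-byte datagram and a 20-byte IP header, UDP has 72 bytes available, so any generated packet whose UDP length field exceeds 72 fails this comparison.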