Snort mailing list archives
UDP alerts with sneeze
From: sri harsha <harsha536 () gmail com>
Date: Fri, 12 Mar 2010 12:05:56 +0530
Hi, I am using snort 2.8.5.2 version on linux machine. Using sneeze for attacks, I could see alerts generated for icmp rules as attacks. But, for UDP packets, I see the following alert messages. [116:97:1] (snort_decoder): Short UDP packet, length field > payload length [**] [Priority: 3] 03/12-06:17:32.840382 76.0.0.10:0 -> 4.4.4.10:0 UDP TTL:63 TOS:0x10 ID:0 IpLen:20 DgmLen:92 DF UDP header truncated What can be the reason for this? Thanks for any suggestion in advance. Thanks, Sriharsha
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- UDP alerts with sneeze sri harsha (Mar 11)
- Re: UDP alerts with sneeze Russ Combs (Mar 12)