Snort mailing list archives

Re: Alert with no data


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Wed, 18 Feb 2015 19:41:36 +0000

Hello,

Can you provide a conf file and the command you are using to start snort?

Also some sample traffic that is triggering the events if possible.

Thanks!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Beto C [mailto:beto.cuevas.v () gmail com]
Sent: Wednesday, February 18, 2015 2:33 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Alert with no data

Hello everyone,
I have noticed that my implementation of snort has generated alerts with no data, and they always show the source and destination IP as 0.0.0.0.
I have no idea what may be happening. This only happens, for the moment, with the alert POLICY-ICMP Truncated ICMPv6 denial of service attempt (27611). The server logs do not show anything that might help. Hope you can help.
Best regards

Alberto