[Snort-devel] Drowning in ECN triggered false positives
Erich.Meier at ...2...
Thu Jan 25 07:24:49 EST 2001
Is there a known solution to prevent those false positives caused by
Linux 2.4's ECN? I am drowning in single packet portscans.
scansToWatch &= ~sRESERVEDBITS;
in spp_portscan.c did not help.
Is there a workaround in the pipeline? I saw that Marty did the necessary
changes to the TOS plugin, but is there anyone working on the portscan spp?