[Snort-devel] Drowning in ECN triggered false positives

Todd Lewis tlewis at ...120...
Thu Jan 25 09:27:04 EST 2001


On Thu, 25 Jan 2001, Erich Meier wrote:

> Hi all!
> 
> Is there a solution known how to prevent those false positives caused by
> Linux 2.4's ECN? I am drowning in single packet portscans.

For those who, like me, did not know what ECN is, it's Explicit Congestion
Notification.  Viz. RFC 2481, "http://www.ietf.org/rfc/rfc2481.txt".

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz





More information about the Snort-devel mailing list