[Snort-devel] Drowning in ECN triggered false positives

Erich Meier Erich.Meier at ...2...
Thu Jan 25 09:32:10 EST 2001


On Thu, Jan 25, 2001 at 09:27:04AM -0500, Todd Lewis wrote:
> On Thu, 25 Jan 2001, Erich Meier wrote:
> 
> > Hi all!
> > 
> > Is there a solution known how to prevent those false positives caused by
> > Linux 2.4's ECN? I am drowning in single packet portscans.
> 
> For those who, like me, did not know what ECN is, it's Explicit Congestion
> Notification.  Viz. RFC 2481, "http://www.ietf.org/rfc/rfc2481.txt".

Ups, sorry 'bout that.

There was a lengthy discussion about ECN on the snort lists (can't remember if
it was on snort-devel) recently, so I assumed that everyone knows what it
means.

Sorry,
Erich




More information about the Snort-devel mailing list