[Snort-devel] Removal of flags A+ in favor of established
cmg at ...402...
Tue May 21 08:55:03 EDT 2002
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:
> When I first start up snort on a large pipe, I'll get a few of these. It's
> a short burst of them (10-20 in my tests), that doesn't happen again (or
> hasn't happened again in the 10 minutes I've had it running).
Hrm. It'd be itneresting to see whats causing those because the first
packets should set the ttl and then only check for a diffence of
What kind of traffic do they alert on at first?
Chris Green <cmg at ...402...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
More information about the Snort-devel