[Snort-devel] Removal of flags A+ in favor of established

Chris Green cmg at ...402...
Tue May 21 09:14:02 EDT 2002


"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:

> Intially it was just web traffic coming back from a website into our proxy.
> I just now saw the first one of those appear without having to start snort.
> Came on an SMTP connection with a TTL of 21.

Those will go off in normal traffic if a route drastically changes or
something like that.

The case where it's starting out is a bit more worrying to me. I'll
take a gander at it today sometime
-- 
Chris Green <cmg at ...402...>
To err is human, to moo bovine.




More information about the Snort-devel mailing list