[Snort-devel] Removal of flags A+ in favor of established

Kreimendahl, Chad J Chad.Kreimendahl at ...1167...
Tue May 21 09:23:02 EDT 2002


If it makes you feel any better... It stopped doing it on startup when I
tested it on our production devices... So it only happened on dev (Ultra 10
w/ hme cards).

-----Original Message-----
From: Chris Green [mailto:cmg at ...402...] 
Sent: Tuesday, May 21, 2002 11:11 AM
To: Kreimendahl, Chad J
Cc: 'snort-devel at lists.sourceforge.net'
Subject: Re: [Snort-devel] Removal of flags A+ in favor of established


"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:

> Initially it was just web traffic coming back from a website into our 
> proxy. I just now saw the first one of those appear without having to 
> start snort. Came on an SMTP connection with a TTL of 21.

Those will go off in normal traffic if a route drastically changes or
something like that.

The case where it's starting out is a bit more worrying to me. I'll take a
gander at it today sometime.
-- 
Chris Green <cmg at ...402...>
To err is human, to moo bovine.



