[Snort-devel] Removal of flags A+ in favor of established
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Tue May 21 09:23:02 EDT 2002
If it makes you feel any better... It stopped doing it on startup when I
test it on our production devices.... So it only happened on dev (Ultra 10
w/ hme cards)
From: Chris Green [mailto:cmg at ...402...]
Sent: Tuesday, May 21, 2002 11:11 AM
To: Kreimendahl, Chad J
Cc: 'snort-devel at lists.sourceforge.net'
Subject: Re: [Snort-devel] Removal of flags A+ in favor of established
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:
> Intially it was just web traffic coming back from a website into our
> proxy. I just now saw the first one of those appear without having to
> start snort. Came on an SMTP connection with a TTL of 21.
Those will go off in normal traffic if a route drastically changes or
something like that.
The case where it's starting out is a bit more worrying to me. I'll take a
gander at it today sometime
Chris Green <cmg at ...402...>
To err is human, to moo bovine.
More information about the Snort-devel