[Snort-devel] Snort 2.0 and T/TCP false alarm

Simon Hradecky shradecky at ...2054...
Mon Jun 30 13:49:02 EDT 2003


To Chris Green:

Chris,

> > Today Snort alerted me of two encounters of T/TCP packets, seemingly 
> > originating from port 0 of sender IP going to port 0 of our server. When I 
> > then checked the tcpdump with ethereal, I was able to exactly identify the 
> > packet by its signature and all other details listed in the Alert, however 
> > both source and destination port were _NOT_ 0. 

> Yeah, the option alerts yell before p->dp & p->sp are set resulting in
> the ugly alerts.

> Will be fixed sometime soon..

Thanks a bunch!

Simon
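The ordering issue described in the quoted reply, as an added example that is not part of the original thread and is not Snort's code: a toy TCP decoder that raises a T/TCP option alert either before or after the port fields are filled in. The `Packet` and `Alert` structs, the function names and the sample header bytes are hypothetical and constructed for illustration; the option kinds 11 to 13 are the CC, CC.NEW and CC.ECHO options from RFC 1644.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified records (assumption: not Snort's real structures). */
typedef struct { uint16_t sp, dp; } Packet;
typedef struct { int fired; uint16_t sp, dp; } Alert;

/* Constructed sample: 28-byte TCP header, ports 1025 -> 80, SYN, with a CC option. */
static const uint8_t sample_tcp[28] = {
    0x04,0x01, 0x00,0x50,            /* source port 1025, destination port 80 */
    0,0,0,1, 0,0,0,0,                /* sequence number, acknowledgement number */
    0x70,0x02, 0x20,0x00, 0,0, 0,0,  /* data offset 7 words, SYN, window, csum, urg */
    0x01,0x01, 0x0b,0x06,0,0,0,1     /* NOP, NOP, CC (kind 11, length 6) */
};

/* Walk the TCP options; on a T/TCP option (kinds 11..13) snapshot whatever
   ports are stored in p at that moment, as an alert logger would. */
static void scan_options(const uint8_t *opt, size_t len, const Packet *p, Alert *a) {
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opt[i];
        if (kind == 0) break;                 /* end of option list */
        if (kind == 1) { i++; continue; }     /* NOP is a single byte */
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len) break; /* malformed */
        if (kind >= 11 && kind <= 13) { a->fired = 1; a->sp = p->sp; a->dp = p->dp; }
        i += opt[i + 1];
    }
}

/* ports_first = 0: options are checked before ports are set; 1: ports set first. */
Alert decode_tcp(const uint8_t *buf, size_t len, int ports_first) {
    Packet p = {0, 0};
    Alert a = {0, 0, 0};
    if (len < 20) return a;
    size_t hlen = (size_t)(buf[12] >> 4) * 4;
    if (hlen < 20 || hlen > len) return a;
    if (ports_first) { p.sp = (uint16_t)((buf[0] << 8) | buf[1]); p.dp = (uint16_t)((buf[2] << 8) | buf[3]); }
    scan_options(buf + 20, hlen - 20, &p, &a);
    if (!ports_first) { p.sp = (uint16_t)((buf[0] << 8) | buf[1]); p.dp = (uint16_t)((buf[2] << 8) | buf[3]); }
    return a;
}

int main(void) {
    Alert early = decode_tcp(sample_tcp, sizeof sample_tcp, 0), late = decode_tcp(sample_tcp, sizeof sample_tcp, 1);
    printf("alert before ports set: %u -> %u\n", (unsigned)early.sp, (unsigned)early.dp);
    printf("alert after ports set:  %u -> %u\n", (unsigned)late.sp, (unsigned)late.dp);
    return 0;
}
```

When triaging an alert that reports port 0 on both sides, comparing it against the raw capture, as the original poster did, distinguishes this kind of logging artifact from real port-0 traffic.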







