[Snort-devel] Snort 2.0 and T/TCP false alarm
shradecky at ...2054...
Mon Jun 30 13:49:02 EDT 2003
To Chris Green:
> > Today Snort alerted me of two encounters of T/TCP packets, seemingly
> > originating from port 0 of sender IP going to port 0 of our server. When I
> > then checked the tcpdump with ethereal, I was able to exactly identify the
> > packet by its signature and all other details listed in the Alert, however
> > both source and destination port were _NOT_ 0.
> Yeah, the option alerts yell before p->dp & p->sp are set resulting in
> the ugly alerts.
> Will be fixed sometime soon..
Thanks a bunch!
More information about the Snort-devel