[Snort-devel] reserved flags + spp_stream4
cmg at ...402...
Mon Mar 31 05:47:09 EST 2003
Jon <warchild at ...1775...> writes:
> Is it necessary to alert on this stuff? Since these are the ECN and CWR
> flags (I think, anyway. I could be a bit rusty right now) and the
> existence of these flags isn't necessarily a sign of malicious intent,
> could the alerting process be re-thought or explained?
It's an artifact of a bugfix. Yes they need to be reexamined for ECN
In the meantime, disable 'detect_scans' from your stream4
Chris Green <cmg at ...402...>
To err is human, to moo bovine.
More information about the Snort-devel