[Snort-sigs] MISC Tiny Fragments

Chris Green cmg at ...26...
Thu Jan 17 08:59:03 EST 2002


"Noller, Gregory" <Noller2G at ...256...> writes:

> Every 40 minutes, three packets from 211.13.231.126. Like clock work.
>
> src and dst ports unknown, type is listed as ???
>
> Firewall Logs shows no connections, no denials.
>
> packet payload:
>
> 08 00 C6 11 4D 0C 01 00                           ....M...
> 08 00 93 11 4D 0C 02 00                           ....M...
> 08 00 7C 11 4D 0C 03 00                           ..|.M...
>
> 08 00 C2 85 32 0C 02 00                           ....2...
> 08 00 F3 85 32 0C 01 00                           ....2...
> 08 00 AA 85 32 0C 03 00                           ....2...
>

If you think it may be a bug in snort, please follow the instructions
in BUGS as closely as possible

Useful things to have:

current configuration ( including preprocessors )
binary captures of this event occuring ( perhaps even with TCPdump )

Not really sure what is could be.
-- 
Chris Green <cmg at ...26...>
"I'm beginning to think that my router may be confused."




More information about the Snort-sigs mailing list