[Snort-sigs] snort_decoder T/TCP detected

Vincent Vono vincent.vono at ...1538...
Wed May 28 11:20:35 EDT 2003


Since upgrading to snort 2.0, the following is being triggered quite often.

Generated by ACID v0.9.6b19 on Wed May 28, 2003 14:24:00


#(1 - 114829) [2003-05-28 12:48:33]  (snort_decoder): T/TCP Detected
IPv4: ->
      hlen=5 TOS=0 dlen=68 ID=63195 flags=0 offset=0 TTL=52 chksum=50078
TCP:  port=46341 -> dport: 80  flags=******S* seq=588727483
      ack=0 off=12 res=0 win=16384 urp=0 chksum=44986
       #1 - MSS len=2 data=0200
       #2 - NOP len=0
       #3 - WS len=1 data=00
       #4 - NOP len=0
       #5 - NOP len=0
       #6 - TS len=8 data=00AA8F0B00000000
       #7 - NOP len=0
       #8 - NOP len=0
       #9 - CCNEW len=4 data=000CB8CE
Payload: none

I've searched high and low for a solution but...
Anyone have any ideas, and where in Snort can it be disabled, enabled,

Many thanks,
Vince Vono
Zurich North America

******************* PLEASE NOTE *******************
This E-Mail/telefax message and any documents accompanying this
transmission may contain privileged and/or confidential information and is
intended solely for the addressee(s) named above.  If you are not the
intended addressee/recipient, you are hereby notified that any use of,
disclosure, copying, distribution, or reliance on the contents of this
E-Mail/telefax information is strictly prohibited and may result in legal
action against you. Please reply to the sender advising of the error in
transmission and immediately delete/destroy the message and any
accompanying documents.  Thank you.

More information about the Snort-sigs mailing list