[Snort-sigs] Missing SYN flag option in SNMP over TCP?

nnposter at ...592... nnposter at ...592...
Thu Apr 29 16:38:03 EDT 2004

I have noticed that rules 1418.3, 1420.3, and 1421.2 will log every TCP
packet to SNMP ports. Is this intentional? In other words, would it not be
sufficient to log only initial, bare SYN packets?

Just an opinion,

More information about the Snort-sigs mailing list